System and method for global data sharing

ABSTRACT

Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example method can include generating a consumer account corresponding to a first cloud entity and receiving, by the first cloud entity, a copy of a data set from a provider account corresponding to a second cloud computing entity, wherein the first cloud computing entity and the second cloud computing entity represent different regions of a cloud computing platform. The method may also include accessing, by the consumer account, the copy of the data set.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.17/858,645, filed Jul. 6, 2022, which is a continuation of U.S. patentapplication Ser. No. 17/709,689, filed Mar. 31, 2022, now U.S. Pat. No.11,418,577, issued Aug. 16, 2022, which is a continuation of U.S. patentapplication Ser. No. 17/378,562, filed Jul. 16, 2021, now U.S. Pat. No.11,323,506, issued May 3, 2022, which is a continuation of U.S. patentapplication Ser. No. 17/220,887, filed Apr. 1, 2021, now U.S. Pat. No.11,082,483, issued Aug. 3, 2021, which is a continuation of U.S. patentapplication Ser. No. 16/814,875, filed Mar. 10, 2020, now U.S. Pat. No.10,999,355, issued May 4, 2021, which claims the benefit of U.S.Provisional Application No. 62/966,977, entitled “Global Data Sharing,”filed Jan. 28, 2020, the disclosures of which are incorporated herein byreference in its entirety.

TECHNICAL FIELD

The present disclosure relates to resource management systems andmethods that manage data storage and computing resources.

BACKGROUND

Databases are widely used for data storage and access in computingapplications. Databases may include one or more tables that include orreference data that can be read, modified, or deleted using queries.Databases may be used for storing and/or accessing personal informationor other sensitive information. Secure storage and access of databasedata may be provided by encrypting and/or storing data in an encryptedform to prevent unauthorized access. In some cases, data sharing may bedesirable to let other parties perform queries against a set of data.

BRIEF DESCRIPTION OF THE DRAWINGS

The described embodiments and the advantages thereof may best beunderstood by reference to the following description taken inconjunction with the accompanying drawings. These drawings in no waylimit any changes in form and detail that may be made to the describedembodiments by one skilled in the art without departing from the spiritand scope of the described embodiments.

FIG. 1A is a block diagram depicting an example computing environment inwhich the methods disclosed herein may be implemented.

FIG. 1B is a block diagram illustrating an example virtual warehouse.

FIG. 2 is a schematic block diagram of data that may be used toimplement a public or private data exchange in accordance with anembodiment of the present invention.

FIG. 3 is a schematic block diagram of components for implementing adata exchange in accordance with an embodiment of the present invention.

FIG. 4A is a process flow diagram of a method for controlled sharing ofdata among entities in a data exchange in accordance with an embodimentof the present invention.

FIG. 4B is a diagram illustrating data used for implementing privatesharing of data in accordance with an embodiment of the presentinvention.

FIG. 4C is a diagram illustrating a secure view for implementing privatesharing of data in accordance with an embodiment of the presentinvention.

FIG. 5 is a process flow diagram of a method for public sharing of dataamong entities in a data exchange in accordance with an embodiment ofthe present invention.

FIG. 6 is a process flow diagram of a method for performingbi-directional shares in a data exchange in accordance with anembodiment of the present invention.

FIG. 7 is a process flow diagram of a method for providing enriched datain a data exchange in accordance with an embodiment of the presentinvention.

FIG. 8 is a block diagram illustrating a network environment in which adata provider may share data via a cloud computing service.

FIG. 9 is an example private data exchange in accordance with anembodiment of the present invention.

FIG. 10 is a diagram illustrating an example secure view of shared datafrom a private data exchange.

FIG. 11 is a diagram illustrating an example tunneling of a data listingbetween two private data exchanges.

FIG. 12 is a diagram illustrating an example data query and deliveryservice according to some embodiments of the invention.

FIG. 13A is a block diagram of an example system of multiple cloudcomputing services sharing data with a data exchange.

FIG. 13B is a block diagram of an example system of a cloud computingservice sharing data with a data exchange across multiple regions of thecloud computing service.

FIG. 14 is a process flow diagram of a method for sharing data acrossmultiple cloud computing services and/or across multiple regions with acloud computing service.

FIG. 15 is a process flow diagram of a method for creating a listingwithin a data exchange, where the listing is available in differentcloud computing services and/or in multiple regions with a cloudcomputing service.

FIG. 16 is a process flow diagram of a method for creating a listing forpersonalized shares within a data exchange, where the listing isavailable in different cloud computing services and/or in multipleregions with a cloud computing service.

FIG. 17 is a process flow diagram of a method for sharing data with aVirtual Private Cloud (VPC).

FIG. 18 is a block diagram of an example computing device that mayperform one or more of the operations described herein, in accordancewith some embodiments.

DETAILED DESCRIPTION

Data providers often have data assets that are cumbersome to share. Adata asset may be data that is of interest to another entity. Forexample, a large online retail company may have a data set that includesthe purchasing habits of millions of customers over the last ten years.This data set may be large. If the online retailer wishes to share allor a portion of this data with another entity, the online retailer mayneed to use old and slow methods to transfer the data, such as afile-transfer-protocol (FTP), or even copying the data onto physicalmedia and mailing the physical media to the other entity. This hasseveral disadvantages. First, it is slow. Copying terabytes or petabytesof data can take days. Second, once the data is delivered, the sharercannot control what happens to the data. The recipient can alter thedata, make copies, or share it with other parties. Third, the onlyentities that would be interested in accessing such a large data set insuch a manner are large corporations that can afford the complexlogistics of transferring and processing the data as well as the highprice of such a cumbersome data transfer. Thus, smaller entities (e.g.,“mom and pop” shops) or even smaller, nimbler cloud-focused startups areoften priced out of accessing this data, even though the data may bevaluable to their businesses. This may be because raw data assets aregenerally too unpolished and full of potentially sensitive data to justoutright sell to other companies. Data cleaning, de-identification,aggregation, joining, and other forms of data enrichment need to beperformed by the owner of data before it is shareable with anotherparty. This is time-consuming and expensive. Finally, it is difficult toshare data assets with many entities because traditional data sharingmethods do not allow scalable sharing for the reasons mentioned above.Traditional sharing methods also introduce latency and delays in termsof all parties having access to the most recently-updated data.

A private data exchange may allow data providers to more easily andsecurely share their data assets with other entities. A private dataexchange can be under the data provider's brand, and the data providermay control who can gain access to it. The private data exchange may befor internal use only, or may also be opened to customers, partners,suppliers, or others. The data provider may control what data assets arelisted as well as control who has access to which sets of data. Thisallows for a seamless way to discover and share data both within a dataprovider's organization and with its business partners.

The private data exchange may be facilitated by a cloud computingservice such as SNOWFLAKE, and allows data providers to offer dataassets directly from their own online domain (e.g., website) in aprivate online marketplace with their own branding. The private dataexchange may provide a centralized, managed hub for an entity to listinternally or externally-shared data assets, inspire data collaboration,and also to maintain data governance and to audit access. With theprivate data exchange, data providers may be able to share data withoutcopying it between companies. Data providers may invite other entitiesto view their data listings, control which data listings appear in theirprivate online marketplace, control who can access data listings and howothers can interact with the data assets connected to the listings. Thismay be thought of as a “walled garden” marketplace, in which visitors tothe garden must be approved and access to certain listings may belimited.

As an example, Company A may be a consumer data company that hascollected and analyzed the consumption habits of millions of individualsin several different categories. Their data sets may include data in thefollowing categories: online shopping, video streaming, electricityconsumption, automobile usage, internet usage, clothing purchases,mobile application purchases, club memberships, and online subscriptionservices. Company A may desire to offer these data sets (or subsets orderived products of these data sets) to other entities. For example, anew clothing brand may wish to access data sets related to consumerclothing purchases and online shopping habits. Company A may support apage on its website that is or functions substantially similar to aprivate data exchange, where a data consumer (e.g., the new clothingbrand) may browse, explore, discover, access and potentially purchasedata sets directly from Company A. Further, Company A may control: whocan enter the private data exchange, the entities that may view aparticular listing, the actions that an entity may take with respect toa listing (e.g., view only), and any other suitable action. In addition,a data provider may combine its own data with other data sets from,e.g., a public data exchange, and create new listings using the combineddata.

A private data exchange may be an appropriate place to discover,assemble, clean, and enrich data to make it more monetizable. A largecompany on a private data exchange may assemble data from across itsdivisions and departments, which could become valuable to anothercompany. In addition, participants in a private ecosystem data exchangemay work together to join their datasets together to jointly create auseful data product that any one of them alone would not be able toproduce. Once these joined datasets are created, they may be listed on apublic or private data exchange.

The systems and methods described herein provide a flexible and scalabledata warehouse using a new data processing platform. In someembodiments, the described systems and methods leverage a cloudinfrastructure that supports cloud-based storage resources, computingresources, and the like. Example cloud-based storage resources offersignificant storage capacity available on-demand at a low cost. Further,these cloud-based storage resources may be fault-tolerant and highlyscalable, which can be costly to achieve in private data storagesystems. Example cloud-based computing resources are available on-demandand may be priced based on actual usage levels of the resources.Typically, the cloud infrastructure is dynamically deployed,reconfigured, and decommissioned in a rapid manner.

In the described systems and methods, a data storage system utilizes anSQL (Structured Query Language)-based relational database. However,these systems and methods are applicable to any type of database, andany type of data storage and retrieval platform, using any data storagearchitecture and using any language to store and retrieve data withinthe data storage and retrieval platform. The systems and methodsdescribed herein further provide a multi-tenant system that supportsisolation of computing resources and data between differentcustomers/clients and between different users within the samecustomer/client.

FIG. 1A is a block diagram of an example computing environment 100 inwhich the systems and methods disclosed herein may be implemented. Inparticular, a cloud computing platform 110 may be implemented, such asAMAZON WEB SERVICES™ (AWS), MICROSOFT AZURE™, GOOGLE CLOUD™, or thelike. As known in the art, a cloud computing platform 110 providescomputing resources and storage resources that may be acquired(purchased) or leased and configured to execute applications and storedata.

The cloud computing platform 110 may host a cloud computing service 112that facilitates storage of data on the cloud computing platform 110(e.g. data management and access) and analysis functions (e.g., SQLqueries, analysis), as well as other computation capabilities (e.g.,secure data sharing between users of the cloud computing platform 110).The cloud computing platform 110 may include a three-tier architecture:data storage 140, query processing 130, and cloud services 120.

Data storage 140 may facilitate the storing of data on the cloudcomputing platform 110 in one or more cloud databases 141. Data storage140 may use a storage service such as AMAZON S3 to store data and queryresults on the cloud computing platform 110. In particular embodiments,to load data into the cloud computing platform 110, data tables may behorizontally partitioned into large, immutable files which may beanalogous to blocks or pages in a traditional database system. Withineach file, the values of each attribute or column are grouped togetherand compressed using a scheme sometimes referred to as hybrid columnar.Each table has a header which, among other metadata, contains theoffsets of each column within the file.

In addition to storing table data, data storage 140 facilitates thestorage of temp data generated by query operations (e.g., joins), aswell as the data contained in large query results. This may allow thesystem to compute large queries without out-of-memory or out-of-diskerrors. Storing query results this way may simplify query processing asit removes the need for server-side cursors found in traditionaldatabase systems.

Query processing 130 may handle query execution within elastic clustersof virtual machines, referred to herein as virtual warehouses or datawarehouses. Thus, query processing 130 may include one or more virtualwarehouses 131, which may also be referred to herein as data warehouses.The virtual warehouses 131 may be one or more virtual machines operatingon the cloud computing platform 110. The virtual warehouses 131 may becompute resources that may be created, destroyed, or resized at anypoint, on demand. This functionality may create an “elastic” virtualwarehouse that expands, contracts, or shuts down according to the user'sneeds. Expanding a virtual warehouse involves generating one or morecompute nodes 132 to a virtual warehouse 131. Contracting a virtualwarehouse involves removing one or more compute nodes 132 from a virtualwarehouse 131. More compute nodes 132 may lead to faster compute times.For example, a data load which takes fifteen hours on a system with fournodes might take only two hours with thirty-two nodes.

Cloud services 120 may be a collection of services that coordinateactivities across the cloud computing service 112. These services tietogether all of the different components of the cloud computing service112 in order to process user requests, from login to query dispatch.Cloud services 120 may operate on compute instances provisioned by thecloud computing service 112 from the cloud computing platform 110. Cloudservices 120 may include a collection of services that manage virtualwarehouses, queries, transactions, data exchanges, and the metadataassociated with such services, such as database schemas, access controlinformation, encryption keys, and usage statistics. Cloud services 120may include, but not be limited to, authentication engine 121,infrastructure manager 122, optimizer 123, exchange manager 124,security 125 engine, and metadata storage 126.

FIG. 1B is a block diagram illustrating an example virtual warehouse131. The exchange manager 124 may facilitate the sharing of data betweendata providers and data consumers, using, for example, a private dataexchange. For example, cloud computing service 112 may manage thestorage and access of a database 108. The database 108 may includevarious instances of user data 150 for different users, e.g. differententerprises or individuals. The user data may include a user database152 of data stored and accessed by that user. The user database 152 maybe subject to access controls such that only the owner of the data isallowed to change and access the user database 152 upon authenticatingwith the cloud computing service 112. For example, data may be encryptedsuch that it can only be decrypted using decryption informationpossessed by the owner of the data. Using the exchange manager 124,specific data from a user database 152 that is subject to these accesscontrols may be shared with other users in a controlled manner accordingto the methods disclosed herein. In particular, a user may specifyshares 154 that may be shared in a public or private data exchange in anuncontrolled manner or shared with specific other users in a controlledmanner as described above. A “share” encapsulates all of the informationrequired to share data in a database. A share may include at least threepieces of information: (1) privileges that grant access to thedatabase(s) and the schema containing the objects to share, (2) theprivileges that grant access to the specific objects (e.g., tables,secure views, and secure UDFs), and (3) the consumer accounts with whichthe database and its objects are shared. When data is shared, no data iscopied or transferred between users. Sharing is accomplished through thecloud services 120 of cloud computing service 112.

Sharing data may be performed when a data provider creates a share of adatabase in the data provider's account and grants access to particularobjects (e.g., tables, secure views, and secure user-defined functions(UDFs)). Then a read-only database may be created using the informationprovided in the share. Access to this database may be controlled by thedata provider.

Shared data may then be used to process SQL queries, possibly includingjoins, aggregations, or other analysis. In some instances, a dataprovider may define a share such that “secure joins” are permitted to beperformed with respect to the shared data. A secure join may beperformed such that analysis may be performed with respect to shareddata but the actual shared data is not accessible by the data consumer(e.g., recipient of the share). A secure join may be performed asdescribed in U.S. application Ser. No. 16/368,339, filed Mar. 18, 2019.

User devices 101-104, such as laptop computers, desktop computers,mobile phones, tablet computers, cloud-hosted computers, cloud-hostedserverless processes, or other computing processes or devices may beused to access the virtual warehouse 131 or cloud service 120 by way ofa network 105, such as the Internet or a private network.

In the description below, actions are ascribed to users, particularlyconsumers and providers. Such actions shall be understood to beperformed with respect to devices 101-104 operated by such users. Forexample, notification to a user may be understood to be a notificationtransmitted to devices 101-104, an input or instruction from a user maybe understood to be received by way of the user's devices 101-104, andinteraction with an interface by a user shall be understood to beinteraction with the interface on the user's devices 101-104. Inaddition, database operations (joining, aggregating, analysis, etc.)ascribed to a user (consumer or provider) shall be understood to includeperforming such actions by the cloud computing service 112 in responseto an instruction from that user.

FIG. 2 is a schematic block diagram of data that may be used toimplement a public or private data exchange in accordance with anembodiment of the present invention. The exchange manager 124 mayoperate with respect to some or all of the illustrated exchange data200, which may be stored on the platform executing the exchange manager124 (e.g., the cloud computing platform 110) or at some other location.The exchange data 200 may include a plurality of listings 202 describingdata that is shared by a first user (“the provider”). The listings 202may be listings in a private data exchange or in a public data exchange.The access controls, management, and governance of the listings may besimilar for both a public data exchange and a private data exchange. Alisting 202 may include metadata 204 describing the shared data. Alisting 202 may include metadata 204 describing the shared data. Themetadata 204 may include some or all of the following information: anidentifier of the sharer of the shared data, a URL associated with thesharer, a name of the share, a name of tables, a category to which theshared data belongs, an update frequency of the shared data, a catalogof the tables, a number of columns and a number of rows in each table,as well as name and descriptions of the columns. The metadata 204 mayalso include examples to aid a user in using the data. Such examples mayinclude sample tables or views that include a sample of rows and columnsof an example table, example queries that may be run against the tablesand/or possibly the results thereof, example views of an example table,example visualizations (e.g., graphs, dashboards) based on a table'sdata. Other information included in the metadata 204 may be metadata foruse by business intelligence tools, text description of data containedin the table, keywords associated with the table to facilitatesearching, bloom filters or other full text indices of the data incertain columns, a link (e.g., URL) to documentation related to theshared data, and a refresh interval indicating how frequently the shareddata is updated (or an indication that the shared data is updatedcontinuously) along with the date the data was last updated.

The listing 202 may include access controls 206, which may beconfigurable to any suitable access configuration. For example, accesscontrols 206 may indicate that the shared data is available to anymember of the private exchange without restriction (an “any share” asused elsewhere herein). The access controls 206 may specify a class ofusers (members of a particular group or organization) that are allowedto access the data and/or see the listing. The access controls 206 mayspecify that a “point-to-point” share (see discussion of FIG. 4 ) inwhich users may request access but are only allowed access upon approvalof the provider. The access controls 206 may specify a set of useridentifiers of users that are excluded from being able to access thedata referenced by the listing 202.

Note that some listings 202 may be discoverable by users without furtherauthentication or access permissions whereas actual accesses are onlypermitted after a subsequent authentication step (see discussion ofFIGS. 4 and 6 ). The access controls 206 may specify that a listing 202is only discoverable by specific users or classes of users.

Note also that a default function for listings 202 is that the datareferenced by the share is not exportable or copyable by the consumer.Alternatively, the access controls 206 may specify that this operationis not permitted. For example, access controls 206 may specify thatsecure operations (secure joins and secure functions as discussed below)may be performed with respect to the shared data such that viewing andexporting of the shared data is not permitted.

In some embodiments, once a user is authenticated with respect to alisting 202, a reference to that user (e.g., user identifier of theuser's account with the virtual warehouse 131) is added to the accesscontrols 206 such that the user will subsequently be able to access thedata referenced by the listing 202 without further authentication.

The listing 202 may define one or more filters 208. For example, thefilters 208 may define specific identity data 214 of users that may viewreferences to the listing 202 when browsing the catalog 220. The filters208 may define a class of users (users of a certain profession, usersassociated with a particular company or organization, users within aparticular geographical area or country) that may view references to thelisting 202 when browsing the catalog 220. In this manner, a privateexchange may be implemented by the exchange manager 124 using the samecomponents. In some embodiments, an excluded user that is excluded fromaccessing a listing 202, i.e. adding the listing 202 to the consumedshares 156 of the excluded user, may still be permitted to view arepresentation of the listing when browsing the catalog 220 and mayfurther be permitted to request access to the listing 202 as discussedbelow. Requests to access a listing by such excluded users and otherusers may be listed in an interface presented to the provider of thelisting 202. The provider of the listing 202 may then view demand foraccess to the listing and choose to expand the filters 208 to permitaccess to excluded users or classes of excluded users (e.g., users inexcluded geographic regions or countries).

Filters 208 may further define what data may be viewed by a user. Inparticular, filters 208 may indicate that a user that selects a listing202 to add to the consumed shares 156 of the user is permitted to accessthe data referenced by the listing but only a filtered version that onlyincludes data associated with the identity data 214 of that user,associated with that user's organization, or specific to some otherclassification of the user. In some embodiments, a private exchange isby invitation: users invited by a provider to view listings 202 of aprivate exchange are enabled to do by the exchange manager 124 uponcommunicating acceptance of an invitation received from the provider.

In some embodiments, a listing 202 may be addressed to a single user.Accordingly, a reference to the listing 202 may be added to a set of“pending shares” that is viewable by the user. The listing 202 may thenbe added to a group of shares of the user upon the user communicatingapproval to the exchange manager 124.

The listing 202 may further include usage data 210. For example, thecloud computing service 112 may implement a credit system in whichcredits are purchased by a user and are consumed each time a user runs aquery, stores data, or uses other services implemented by the cloudcomputing service 112. Accordingly, usage data 210 may record an amountof credits consumed by accessing the shared data. Usage data 210 mayinclude other data such as a number of queries, a number of aggregationsof each type of a plurality of types performed against the shared data,or other usage statistics. In some embodiments, usage data for a listing202 or multiple listings 202 of a user is provided to the user in theform of a shared database, i.e. a reference to a database including theusage data is added by the exchange manager 124 to the consumed sharesof the user.

The listing 202 may also include a heat map 211, which may represent thegeographical locations in which users have clicked on that particularlisting. The cloud computing service 112 may use the heat map to makereplication decisions or other decisions with the listing. For example,a private data exchange may display a listing that contains weather datafor Georgia, USA. The heat map 211 may indicate that many users inCalifornia are selecting the listing to learn more about the weather inGeorgia. In view of this information, the cloud computing service 112may replicate the listing and make it available in a database whoseservers are physically located in the western United States, so thatconsumers in California may have access to the data. In someembodiments, an entity may store its data on servers located in thewestern United States. A particular listing may be very popular toconsumers. The cloud computing service 112 may replicate that data andstore it in servers located in the eastern United States, so thatconsumers in the Midwest and on the East Coast may also have access tothat data.

The listing 202 may also include one or more tags 213. The tags 213 mayfacilitate simpler sharing of data contained in one or more listings. Asan example, a large company may have a human resources (HR) listingcontaining HR data for its internal employees on a private dataexchange. The HR data may contain ten types of HR data (e.g., employeenumber, selected health insurance, current retirement plan, job title,etc.). The HR listing may be accessible to 100 people in the company(e.g., everyone in the HR department). Management of the HR departmentmay wish to add an eleventh type of HR data (e.g., an employee stockoption plan). Instead of manually adding this to the HR listing andgranting each of the 100 people access to this new data, management maysimply apply an HR tag to the new data set and that can be used tocategorize the data as HR data, list it along with the HR listing, andgrant access to the 100 people to view the new data set.

The listing 202 may also include version metadata 215. Version metadata215 may provide a way to track how the datasets are changed. This mayassist in ensuring that the data that is being viewed by one entity isnot changed prematurely. For example, if a company has an original dataset and then releases an updated version of that data set, the updatescould interfere with another user's processing of that data set, becausethe update could have different formatting, new columns, and otherchanges that may be incompatible with the current processing mechanismof the recipient user. To remedy this, the cloud computing service 112may track version updates using version metadata 215. The cloudcomputing service 112 may ensure that each data consumer accesses thesame version of the data until they accept an updated version that willnot interfere with current processing of the data set.

The exchange data 200 may further include user records 212. The userrecord 212 may include data identifying the user associated with theuser record 212, e.g. an identifier (e.g., warehouse identifier) of auser having user data 130 in service database 158 and managed by thevirtual warehouse 131.

The user record 212 may list shares associated with the user, e.g.,reference listings 154 created by the user. The user record 212 may listshares consumed by the user, e.g., reference listings 202 created byanother user and that have been associated to the account of the useraccording to the methods described herein. For example, a listing 202may have an identifier that will be used to reference it in the sharesor consumed shares of a user record 212.

The exchange data 200 may further include a catalog 220. The catalog 220may include a listing of all available listings 202 and may include anindex of data from the metadata 204 to facilitate browsing and searchingaccording to the methods described herein. In some embodiments, listings202 are stored in the catalog in the form of JavaScript Object Notation(JSON) objects.

Note that where there a multiple instances of the virtual warehouse 131on different cloud computing platforms, the catalog 220 of one instanceof the virtual warehouse 131 may store listings or references tolistings from other instances on one or more other cloud computingplatforms 110. Accordingly, each listing 202 may be globally unique(e.g., be assigned a globally unique identifier across all of theinstances of the virtual warehouse 131). For example, the instances ofthe virtual warehouses 131 may synchronize their copies of the catalog220 such that each copy indicates the listings 202 available from allinstances of the virtual warehouse 131. In some instances, a provider ofa listing 202 may specify that it is to be available on only onspecified one or more computing platforms 110.

In some embodiments, the catalog 220 is made available on the Internetsuch that it is searchable by a search engine such as BING or GOOGLE.The catalog may be subject to a search engine optimization (SEO)algorithm to promote its visibility. Potential consumers may thereforebrowse the catalog 220 from any web browser. The exchange manager 124may expose uniform resource locators (URLs) linked to each listing 202.This web page underlying each URL may be searchable can be sharedoutside of any interface implemented by the exchange manager 124. Forexample, the provider of a listing 202 may publish the URLs for itslistings 202 in order to promote usage of its listing 202 and its brand.

FIG. 3 illustrates various components 300-310 that may be included inthe exchange manager 124. A creation module 300 may provide an interfacefor creating listings 202. For example, a web page interface enables auser on one or more devices 101-104 to select data, e.g. a specifictable in user data 150 of the user, for sharing and enter valuesdefining some or all of the metadata 204, access controls 206, andfilters 208. In some embodiments, creation may be performed by a user byway of SQL commands in an SQL interpreter executing on the cloudcomputing platform 110 and accessed by way of a webpage interface on auser device 101-104.

A validation module 302 may validate information provided by a providerwhen attempting to create a listing 202. Note that in some embodimentsthe actions ascribed to the validation module 302 may be performed by ahuman reviewing the information provided by the provider. In otherembodiments, these actions are performed automatically. The validationmodule 302 may perform, or facilitate performing by a human operator ofvarious functions. These functions may include verifying that themetadata 204 is consistent with the shared data to which it references,verifying that the shared data referenced by metadata 204 is not pirateddata, personal identification information (PII), personal healthinformation (PHI) or other data for which sharing is undesirable orillegal. The validation module 302 may also facilitate the verificationthat the data has been updated within a threshold period of time (e.g.,within the last twenty-four hours). The validation module 302 may alsofacilitate verifying that the data is not static or not available fromother static public sources. The validation module 302 may alsofacilitate verifying that the data is more than merely a sample (e.g.,that the data is sufficiently complete to be useful). For example,geographically limited data may be undesirable whereas an aggregation ofdata that is not otherwise limited may still be of use.

The exchange manager 124 may include a search module 304. The searchmodule 304 may implement a webpage interface that is accessible by auser on one or more user devices 101-104 in order to invoke searches forsearch strings with respect to the metadata in the catalog 220, receiveresponses to searches, and select references to listings 202 in searchresults for adding to the consumed shares 156 of the user record 212 ofthe user performing the search. In some embodiments, searches may beperformed by a user by way of SQL commands in an SQL interpreterexecuting on the cloud computing platform 110 and accessed by way of awebpage interface on user devices 101-104. For example, searching forshares may be performed by way of SQL queries against the catalog 220within the SQL engine 310 discussed below.

The search module 304 may further implement a recommendation algorithm.For example, the recommendation algorithm could recommend other listing202 for a user based on other listings in the user's consumed shares 156or formerly in the user's consumed shares. Recommendations could bebased on logical similarity: one source of weather data leads to arecommendation for a second source of weather data. Recommendationscould be based on dissimilarity: one listing is for data in one domain(geographic area, technical field, etc.) results in a listing for adifferent domain to facilitate complete coverage by the user's analysis(different geographic area, related technical field, etc.).

The exchange manager 124 may include an access management module 306. Asdescribed above, a user may add a listing 202. This may requireauthentication with respect to the provider of the listing 202. Once alisting 202 is added to the consumed shares 156 of the user record 212of a user, the user may be either (a) required to authenticate each timethe data referenced by the listing 202 is accessed or (b) beautomatically authenticated and allowed to access the data once thelisting 202 is added. The access management module 306 may manageautomatic authentication for subsequent access of data in the consumedshares 156 of a user in order to provide seamless access of the shareddata as if it was part of the user data 150 of that user. To that end,the access management module 306 may access controls 206 of the listing202, certificates, tokens, or other authentication material in order toauthenticate the user when performing accesses to shared data.

The exchange manager 124 may include a joining module 308. The joiningmodule 308 manages the integration of shared data referenced by consumedshares 156 of a user with one another, i.e. shared data from differentproviders, and with a user database 152 of data owned by the user. Inparticular, the joining module 308 may manage the execution of queriesand other computation functions with respect to these various sources ofdata such that their access is transparent to the user. The joiningmodule 308 may further manage the access of data to enforce restrictionson shared data, e.g. such that analysis may be performed and the resultsof the analysis displayed without exposing the underlying data to theconsumer of the data where this restriction is indicated by the accesscontrols 206 of a listing 202.

The exchange manager 124 may further include a standard query language(SQL) engine 310 that is programmed to receive queries from a user andexecute the query with respect to data referenced by the query, whichmay include consumed shares 156 of the user and the user database 152owned by the user. The SQL engine 310 may perform any query processingfunctionality known in the art. The SQL engine 310 may additionally oralternatively include any other database management tool or dataanalysis tool known in the art. The SQL engine 310 may define a webpageinterface executing on the cloud computing platform 110 through whichSQL queries are input and responses to SQL queries are presented

Referring to FIG. 4A, the illustrated method 400 may be executed by theexchange manager 124 in order to implement a point-to-point sharebetween a first user (“provider 402”) and a second user (“consumer404”).

The method 400 may include the provider entering 406 metadata. This mayinclude a user on devices 101-104 of the provider entering the metadatainto fields of a form in a web page provided by the exchange manager124. In some embodiments, entering 406 of metadata may be made using SQLcommands by way of the SQL engine 310. The items of metadata may includesome or all of those discussed above with respect to the metadata 204 ofa listing 202. Step 406 may include receiving other data for a listing202, such as access controls 206 and parameters defining a filter 208.

The provider 402 may then invoke, on the devices 101-104, submission ofthe form and the data entered.

The exchange manager 124 may then verify 408 the metadata and validate410 the data referenced by the metadata. This may include performingsome or all of the actions ascribed to the validation module 302.

If the metadata and shared data are not successfully verified 408 andvalidated 410, the exchange manager 124 may notify the provider 402,such as by means of a notification through the web interface throughwhich the metadata was submitted at step 406.

If the metadata and shared data are not successfully verified 408 andvalidated 410, the exchange manager 124 may notify the provider 402,such as by way of the web interface through which the metadata wassubmitted at step 406.

The exchange manager 124 may further create 412 a listing 202 includingthe data submitted at step 406 and may further create an entry in thecatalog 220. For example, keywords, descriptive text, and other items ofinformation in the metadata may be indexed to facilitate searching.

Note that steps 406-412 may be performed by means of interface providedto the provider 402. Such an interface may include any suitable featuresincluding elements for inputting data (e.g., elements 204-210), andelements for generating a data listing. In addition, the interface mayinclude elements to publish or unpublish a data listing to make thelisting un-viewable to at least some other users. The interface may alsoinclude an element to update versions of the data listing or to rollback to a prior version of the listing or of the metadata associatedwith the listing. The interface may also include a list of pendingrequests to add a data listing or to add members to the data exchange.The interface may also include an indication of the number and othernon-identifying information related to the data consumers who haveaccessed a given listing, as well as a representation of usage patternsof the data referenced by a listing by the data consumers of thatlisting.

Another user acting as a consumer 404 may then browse 414 the catalog.This may include accessing a webpage providing a search interface to thecatalog. This webpage may be external to the virtual warehouse 131, i.e.accessible by users that are not logged into the virtual warehouse 131.In other embodiments, only users that are logged in to the virtualwarehouse 131 are able to access the search interface. As noted above,browsing of the catalog 220 may be performed using queries to the SQLengine 310 that reference the catalog 220. For example, user devices101-104 may have a web-based interface to the SQL engine 310 throughwhich queries against the catalog 220 are input by the consumer 404 andtransmitted to the SQL engine 310.

In response to the consumer's browsing activities, the exchange manager124 may display the catalog and perform 416 searches with respect to thecatalog to identify listings 202 having metadata corresponding toqueries or search strings submitted by the consumer 404. The manner inwhich this search is performed may be according to any search algorithmknown in the art. In the case of an SQL query, the query may beprocessed according to any approach for processing SQL queries known inthe art.

The exchange manager 124 may return results of a search string or SQLquery to the consumer's 404 devices 101-104, such as in the form of alisting of references to listings 202 identified according to the searchalgorithm or processing the SQL query. The listing may include items ofmetadata or links that the consumer 404 may select to invoke display ofmetadata. In particular, any of the items of metadata 204 of a listing202 may be displayed in the listing or linked to by an entry in thelisting corresponding to the search record 202.

Note that the exchange referenced in FIG. 4A may be a private exchangeor a public exchange. In particular, those listings 202 that aredisplayed and searched 416 and viewable by the consumer 404 duringbrowsing 414 may be limited to those having filters 208 that indicatethat the listing 202 is viewable by the consumer 404, an organization ofthe consumer, or some other classification to which the consumer 404belongs. Where the exchange is public, then the consumer 404 is notrequired to meet any filter criteria in some embodiments.

The method 400 may include the consumer 404 requesting 418 to accessdata corresponding to a listing 202. For example, by selecting an entryin the listing on the devices 101-104 of the consumer 404, which invokestransmission of a request to the exchange manager 124 to add the listing202 corresponding to the entry to the consumed shares 156 in the userrecord 212 of the consumer 404.

In the illustrated example, the listing 202 of the selected entry hasaccess controls 206. Accordingly, the exchange manager 124 may forward420 the request to the provider 402 along with an identifier of theconsumer 404. The consumer 404 and provider 402 may then interact to oneor both of (a) authenticate (login) 424 the consumer 404 with respect tothe provider 402 and (b) process 424 payment for access of the datareferenced by the listing 202. This interaction may be according to anyapproach to logging in or authenticating or known in the art. Likewise,any approach for processing payment between parties may be implemented.In some embodiments, the data warehouse module may provide a rebate tothe provider 402 due to credits consumed by the consumer 404 whenaccessing the shared data of the provider. Credits may be units of usagepurchased by a user that are then consumed in response to the servicesof the virtual warehouse 131 used by the consumer 404, e.g. queries andother analytics performed on data hosted by the virtual warehouse 131.The interaction may be directly between devices 126 of the consumer 404and provider 402 or may be performed by way of the exchange manager 124.In some embodiments, the exchange manager 124 authenticates the consumer404 using the access control information 206 such that interaction withthe provider 402 is not needed. Likewise, the listing 202 may definepayment terms such that the exchange manager 124 processes paymentwithout requiring interaction with the provider 402. Once the provider402 determines that the consumer 404 is authenticated and authorized toaccess the data referenced by the listing 202, the provider 402 maynotify 426 the exchange manager 124 that the consumer 404 may access thedata referenced by the listing 202. In response, the exchange manager124 adds 428 a reference to the listing 202 to the consumed shares 156in the user record 212 of the consumer 404.

Note that in some instances a listing 202 does not list specific data,but rather references a particular cloud service 120, e.g. the brandname or company name of a service. Accordingly, the request to accessthe listing 202 is a request to access user data 150 of the consumermaking the request. Accordingly, steps 422, 424, 426 includingauthenticating the consumer 404 with respect to the authenticationengine 121 such that the cloud service 120 can verify the identity ofthe consumer 404 and inform the exchange manager 124 of which data toshare with the consumer 404 and to indicate that the consumer 404 isauthorized to access that data.

In some embodiments, this may be implemented using a “single sign on”approach in which the consumer 404 authenticates (logs in) once withrespect to the cloud service 120 and thereafter is enabled to access theconsumers 404 data in the service database 158. For example, theexchange manager 124 may present an interface to the cloud service 120on the devices 101-104 of the consumer 404. The consumer 404 inputsauthentication information (username and password, certificate, token,etc.) into the interface and this information is forwarded to theauthentication engine 121 of the cloud service 120. The authenticationinformation processes the authentication information and, if theinformation corresponds to a user account, notifies the exchange manager124 that the consumer 404 is authenticated with respect to that useraccount. The exchange manager 124 may then identify the user data 150for that user account and create a database referencing it. A referenceto that database is then added to the consumed shares 156 of theconsumer 404.

In some embodiments, the user's authentication with respect to thevirtual warehouse 131 is sufficient to authenticate the user withrespect to the cloud service 120 such that steps 422, 424 are omitted inview of the prior authentication of the consumer 404. For example, thevirtual warehouse 131 may be indicated by the consumer 404 to the cloudservice 120 to be authorized to verify the identity of the consumer 404.

In some embodiments, the exchange manager 124 authenticates the consumer404 using the access control information 206 such that interaction withthe provider 402 is not needed. Likewise, the listing 202 may definepayment terms such that the exchange manager 124 processes paymentwithout requiring interaction with the provider 402. Accordingly, insuch embodiments, step 422 is performed by the exchange manager 124 andstep 426 is omitted. The exchange manager 124 then performs step 428once the consumer 404 is authenticated and/or provided required payment.

In some embodiments, adding a listing 202 to the consumed shares of aconsumer 404 may further include receiving, from the consumer 404,consent to the terms presented to the consumer 404. In some embodiments,where the terms of the agreement are changed by a provider 402 after aconsumer 404 has added the listing 202 according to the method 400 orother method described herein, the exchange manager 124 may require theconsumer 404 to agree to the changed terms before being allowed tocontinue to access the data referenced by the listing 202.

Adding 428 the data reference by the listing 202 may include creating adatabase referencing the data. A reference to this database may then beadded to the consumed shares 156 and this database may then be used toprocess queries referencing the data referenced by the share record.Adding 428 the data may include adding data filtered according tofilters 208. For example, data referenced by the listing 202 (e.g., afiltered view of the data) and that is associated with the consumer 404,organization of the consumer 404, or some other classification of theconsumer 404.

In some embodiments, adding the listing 202 to the user record 212 mayinclude changing the access controls 206 of the listing 202 to referencethe identity data 214 of the consumer 404 such that attempts to accessthe data referenced by the listing 202 will be permitted and executed bythe exchange manager 124.

The consumer 404 may then input 430 queries to the SQL engine 310 by wayof the consumer's devices 101-104. The queries may reference the datareferenced in the listing 202 added at step 428 as well as other datareferenced in the user database 152 and consumed shares 156. The SQLengine 310 then processes 432 the queries using the database created atstep 428 and returns the result to the consumer 404 or creates views,materialized views, or other data that may be accessed or analyzed bythe user. As noted above, the data of consumed shares operated upon bythe queries may have been previously filtered to include only datarelating to the consumer 404. Accordingly, different consumers 404adding the same listing 202 to their consumed shares 156 will seedifferent versions of the database referenced by the listing 202.

Referring to FIG. 4B, in some embodiments, the private sharing of dataand filtering of data according to identify of the consumer 404 may beimplemented using the illustrated data structures. For example, theservice database 158 of the provider 402 may include a customer map 434that includes entries for customer identifiers 436 of users of theservice provided by the provider 402, e.g. a service implemented by thecloud service 120 of the server and the customer identifier 436 being anidentifier for authenticating with the authentication interface 120. Thecustomer map 434 may map each customer identifier 436 to a warehouseidentifier 438, i.e. a user identifier used by a user to authenticatewith the virtual warehouse 131 such that the same user corresponds toboth identifiers 436, 438. The mapping between the identifiers 436 and438 may be performed by authenticating as described above (e.g., thesingle sign on approach described above).

The customer map 434 may further include a reference 440 to anentitlement table 442, which may be one of a plurality of entitlementtables 442. Each entitlement table 442 defines which of one or moretables 444 of the provider 402 may be accessed with the customer ID 436to which it is mapped. The entitlement table 442 may further definecolumns of a table 444 that can be accessed with the customer ID 436.The entitlement table 442 may further define rows or types of rows basedon one or more filtration criteria of a table 444 that can be accessedwith the customer ID 436. The entitlement table 442 may further define aschema for a table 444 that can be accessed with the customer ID 436.

A listing 202 for a table 444 may therefore specify that access to adata table 444 is to be performed as defined by the customer map 434.For example, referring to FIG. 4C, when a consumer 404 requests to add alisting 202 for a database for which access is defined according to thecustomer map, the exchange manager 124 may create a secure view 446according to the customer identifier 436 and entitlement table 442mapped to the warehouse identifier 438 of the consumer 404. The secureview may be generated by performing an inner join of the data tables 444of the database specified in the entitlement table 442 (or portionsthereof as specified in the entitlement table 442) that is filteredaccording to the customer identifier 436 such that a result of the joinincludes only data for the specific customer identifier 436 and includesonly those portions of the database (tables 444 and/or portions oftables 444) specified in the entitlement table 442. The manner in whichthe secure view is generated may be as described in U.S. applicationSer. No. 16/055,824 filed Aug. 6, 2018, and entitled SECURE DATA SHARINGIN A MULTI-TENANT DATABASE and U.S. application Ser. No. 16/241,463filed Jan. 7, 2019 and entitled SECURE DATA SHARING IN A MULTI-TENANTDATABASE.

FIG. 5 illustrates an alternative method 500 for sharing data that maybe performed when the consumer requests 418 to add a listing 202 that isavailable to the public or to all users of a private exchange. In thatcase, the exchange manager 124 adds 428 the reference to the listing 202to the consumed shares 156 of the consumer 404 and authentication orpayment steps are omitted. Step 428 may be performed as described aboveexcept that no change to access controls 206 is performed. Likewise,steps 430 and 432 may be performed with respect to the shared data asdescribed above. The exchange of FIG. 5 could be a public exchange or aprivate exchange as described above with respect to FIG. 4 . FIG. 5illustrates the case where if a listing 202 is viewable (i.e. filtercriteria permit viewing by the consumer 404 as described above), theconsumer 404 is able to add the listing 202 to the consumed shares 156of the consumer 404 without further authentication or payment.

Note that when a listing 202 is added to the consumed shares 156 of auser according to any of the methods disclosed herein, the exchangemanager 124 may notify consumers of the listing 202 when the datareferenced by the listing 202 is updated.

Referring to FIG. 6 , in some embodiments, a method 600 may include aconsumer 404 browsing a catalog and selecting a listing 202 as describedfor the other methods described herein (see, e.g., FIGS. 4A and 5 ),from the exchange manager 124, a bidirectional share with respect to thedata referenced by the listing (“the shared data”) and additional datain the user database 152 (“the user's data”). Note that in someembodiments the listing 202 of the provider 402 does not reference anyspecific data (e.g., a specific table or database) and instead offers toperform a service with respect to data provided by the consumer 404.Accordingly, in such instances “the shared data” as discussed below maybe understood to be replaced with “the offered service.”

In response to this request, the exchange manager 124 implements 604 apoint-to-point share of the shared data with respect to the consumer 404and the provider 402. This may be performed as described above withrespect to FIG. 4A, e.g. include authentication of the consumer 404 andpossibly filtering of the shared data to only include data associatedwith the consumer 404 as described above. The exchange manager 124 mayfurther implement a point-to-point share of the user's data with respectto the provider 402 as described with respect to FIG. 4A except: (a) theconsumer 404 acts as the provider and the provider 402 acts as theconsumer for the user's data and the user's data is added to theconsumed shares 156 of the provider 402 and (b) the consumer 404 neednot create a listing 202 for the user's data and the user's data neednot be listed in the catalog 220.

Following step 606, both the consumer 404 or the provider 402 haveaccess to the shared data and the user's data. Either may then runqueries against both of these, join them, perform aggregations on thejoined data, or perform any other actions or enrichments known in theart with respect to multiple databases.

In some embodiments, a bi-directional share may include, or be requestedby the consumer 404 to include, the provider 402 also joining 608 theshared data and the user data to obtain joined data and returning 610 areference to the joined data to the exchange manager 124 with a requestto add 612 a reference to the joined data to the consumed shares 156 ofthe consumer 404, which the exchange manager 124 does.

Accordingly, the consumer 404 will now have access to the joined data.Step 608 may further include performing other actions (aggregations,analysis) on the user data and shared data either before or afterjoining. Step 608 may be performed by the virtual warehouse 131 inresponse to the request form the consumer 404 to do so.

Note that the result of the join may be either (a) a new database thatis a result of the join or (b) a joined database view that defines ajoin of the shared data and the user data.

The result from step 608 (joining, aggregating, analyzing, etc.) mayalternatively be added to the original share performed at step 606, 608,e.g. a view (materialized or non-materialized) defining the operationsperformed at step 608.

Steps 608-612 may also be performed by the virtual warehouse 131 inresponse to a request from the consumer 404 or provider 402 to do soindependently from the request made at step 602.

Note that in many instances there are many consumers 404 that attempt toperform bi-directional shares with respect to the provider 402 and theseconsumers 404 may seek bi-directional shares with respect to their userdata that may be in many different formats (schemas) that may bedifferent from a schema used by the shared data of the provider 402.Accordingly, step 608 may include a transformation step. Thetransformation step maps a source schema of the user's data to a targetschema of the shared data. The transformation may be a statictransformation provided by a human operator. The transformation may beaccording to an algorithm that maps column labels of the source schemato corresponding column labels of the target schema. The algorithm mayinclude a machine learning or artificial intelligence model that istrained to perform the transformation. For example, a plurality oftraining data entries may be specified by human annotators that eachinclude as an input a source schema and as an output include a mappingbetween the source schema and the target schema. These entries may thenbe used to train a machine learning or artificial intelligence algorithmto output a mapping to a target schema for a given input source schema.

Data added to the shares consumed by the consumer 404 and provider 402may then be operated on by the consumer 404 and provider 402,respectively, such as by executing queries against the data, aggregatingthe data, analyzing the data, or performing any other actions describedherein as being performed with respect to shares added to the consumedshares 156 of a user.

In particular embodiments, a data provider may improve its relationshipwith business partners by enabling the secure interchange of data in abi-directional manner, as discussed above. Traditional methods ofbi-directional data sharing have been challenging to accomplish, andonly very limited sets of data are shared via APIs, FTP, or filetransfer between companies. And this often comes at great cost, expense,data latency, and even some security risk.

A data provider may instead host a private data exchange, and invitetheir customers and partners to participate in the exchange. Customersand partners may access data in secure views, for example, and they mayalso push data in the other direction as well. This could be to sharedata back to the host, but also to potentially list data so that otherparticipants of the ecosystem can securely share it as well. Data from apublic data exchange, other private exchanges, or from other externalsources may also be included.

Every large company depends on other companies, and on its customers.Bidirectionally sharing data not only from the company to and from theseparties, but also between these external parties themselves, can allowrich, collaborative data ecosystems to develop where groups of companiescan work together around data. They can securely discover, combine, andenrich data assets to help service a common customer, or to form newpartnerships amongst themselves. Some of these relationships may evenlead to opportunities to sell data, secure views of or functions acrossdata to other participants of a walled garden ecosystem.

Referring to FIG. 7 , the approach to sharing and consuming data asdescribed herein enables enrichment of data and return of that enricheddata to the exchange. For example, provider A may request 702 sharing ofdata (share 1) with the exchange in the same manner as for other methodsdescribed herein. The exchange manager 124 verifies, validates, and adds704 share 1 to the catalog 220.

A second provider B may then browse the catalog 220 and add 706 share 1to its consumed shares 156. Provider B may perform 708 operations on theshared data such as joining it with other data, performing aggregations,and/or performing other analysis with respect to share 1, resulting inmodified data (share 2). Provider B may then request 710 sharing ofshare 2 with the exchange as described herein. Note that the joining ofstep 708 may include joining any number of databases, such as any numberof shares based on any number of listings by any number of other users.Accordingly, iterations of steps 702-710 by many users may be viewed asa hierarchy in which a large number of listings 202 of multiple usersare narrowed down to a smaller number of listings 202 based on the datafrom the larger number of listings 202.

The exchange manager 124 verifies, validates, and adds 712 share 2 tothe catalog 220. This process may be repeated 714 with respect to share2, as provider A, provider B, or a different provider adds share 2,generates modified data based on it, and adds the result back to thecatalog in the same manner. In this manner, a rich ecosystem of data andanalysis may be made available to users. The shares according to themethod 700 may be any shares, point-to-point shares, private exchangeshares, or bi-directional exchange shares according to the methodsdisclosed herein.

Note that there is a possibility that provider may perform steps 708 and710 with respect to a listing 202 that is based on a listing 202. Forexample, listing L1 of provider A is used by provider B to createlisting L2, which is used by provider C to create listing L3, which isused by provider A to define listing L1. Such a flow could include anynumber of steps. This may be undesirable in some cases such thatmodification of listing L1 to reference L3 is not permitted in view L3being derived from L1. In other instances, such a loop is permittedprovided there is a time delay in when the data referenced by eachlisting is refreshed. For example, L1 may reference L3 provided L3 willnot be refreshed until some time after L1 is refreshed and therefore thecircular reference will not result in continuous updating of L1 and L3ad infinitum. Non-looping flows are also contemplated by thisdisclosure, such that listing L1 is not influenced by other providers'use of listing L1

The listing created at step 712 (Share 2) may either (a) include copiesof the data from Share 1 remaining after step 708 and as modifiedaccording to step 708 or (b) include a view referencing Share 1 (e.g., adatabase created based on the listing 202 for Share 1 according to themethods disclosed herein) and defining the operations performed at step708 without including actual data from Share 1 or derived from Share 1.Accordingly, a hierarchy as described above may be a hierarchy of viewsthat either reference one or both of listing 202 that are views createdaccording to the method 700 or listing 202 of data from one or moreproviders according to any of the methods disclosed herein.

In the methods disclosed herein approaches are disclosed for creatingshares (listings 202) and for adding shares. In a like manner, aconsumer 404 may instruct the exchange manager 124 to remove addedshares. A provider 402 may instruct the exchange manager 124 to ceasesharing certain listings 202. In some embodiments, this may beaccompanied by actions to avoid disrupting consumers 404 of thoselistings 202. Such as by notifying these consumers 404 and ceasing toshare the listings 202 only after a specified time period after thenotification or after all consumers 404 have removed references to thelistings 202 from their consumed shares 156.

Use Cases

In a first use case a company implements a private exchange according tothe methods described above. In particular, listing 202 of the companyare viewable only by consumers 404 that are associated (employees,management, investors, etc.) with the company. Likewise, adding oflisting 202 is permitted only for those associated with the company.When adding a listing 202 to the consumed shares 156, it may be filteredbased on the identity of the consumer that adds it, i.e. data that isrelevant to the consumer's role within the company.

In a second use case, a provider 402 creates a reader or reader/writeraccount for a consumer 404 that is not yet a user of the virtualwarehouse 131. The account may be associated with the account data ofthe consumer (see consumer map of FIG. 4B discussed above). The consumer404 may then log on to that account and then access the provider'slistings to access the consumer's data 404 that is managed by theprovider 402 (see, e.g. discussion of FIG. 4A).

In a fifth use case a consumer 404 adds shares that are private (e.g.,accessible due to the identity of the consumer 404 according to themethods described above) and shares that are public. These may then bejoined by the consumer 404 and used to process queries.

In a sixth use case, a listing 202 may be shared based on a subscription(e.g., monthly) or be accessed based on per-query pricing, or a credituplift multiplier. Accordingly, the exchange manager 124 may manageprocessing of payment and access such that the consumer 404 is allowedto access the data subject to the pricing model (subscription, perquery, etc.).

In a seventh use case, the exchange manager 124 implements securefunctions and secure machine learning models (both training and scoring)that may be used to process private data such that the consumer 404 isallowed to use the result of the function or machine learning model butdoes not have access to the raw data processed by the function ormachine learning model itself. Likewise, the consumer of the shared datais not allowed to export the shared data. The consumer is nonethelessallowed to perform analytical functions with respect to the shared data.For example, the following secure function may be implemented to enableviewing of customer shopping data in a secure manner:

create or replace secure function

UDF_DEMO.PUBLIC.get_market_basket(input_item_sk number(38))

returns table (input_item NUMBER(38,0), basket_item_sk NUMBER(38,0),

num_baskets NUMBER(38,0))

as

‘select input_item_sk, ss_item_sk_basket_Item, count(distinct

ss_ticket_number) baskets

from udf_demo.public.sales

where ss_ticket_number in (select ss_ticket_number fromudf_demo.public.sales where

ss_item_sk=input_item_sk)

group by ss_item_sk

order by 3 desc, 2’;

In an eighth use case, the exchange manager 124 may provide usagestatistics of a listing 202 by one or more consumers 404 to the provider402 of the listing, e.g. queries, credits used, tables scanned, tableshit, etc.

In a ninth use case, the systems and methods disclosed herein are usedfor industry-specific applications. For example:

1. Cybersecurity

-   -   a. Allows for sharing of risk vectors, bad actors, IP        white/black lists, realtime attacks in progress, known good/bad        emailers, etc.        2. Healthcare    -   a. Secure sharing of patient information, including cost        information and outcome information, among other types of        information    -   b. Secure multi-hospital databases so patients can share their        information to multiple providers. (e.g., if patient A lives in        California and travels to Florida on vacation, is injured, and        is treated in an emergency room, the hospital in Florida may be        able to access patient A's records from disparate hospitals and        providers.)

Other industries may also benefit from private or public sharing of dataaccording to the systems and methods disclosed herein. Such as thefinancial services industry, telecommunications industry, media andadvertising industry, government agencies, militaries, and intelligenceagencies.

In a tenth use case, a first user provides marketing services for asecond user and, therefore, the second user shares a customer list withthe first user. The first user shares data regarding a marketingcampaign to the second user, such as campaign metadata, current userevents (session start/end for specific users, purchases for specificusers, etc.). This may be accomplished using the bi-directional sharingof FIG. 6 . This data may be joined (customer list+customer events fromfirst user) in order to obtain a better understanding about events for aspecific user or groups of users. As noted above, this exchange of datamay be performed without creating copies or transferring data—each useraccesses the same copy of the shared data. Since no data is transferred,the data may be accessed in near real time as customer events occur.

FIG. 8 is a block diagram illustrating a network environment in which adata provider may share data via a cloud computing service. A dataprovider 810 may upload one or more data sets 820 in cloud storage usinga cloud computing service 112. These data sets may then become viewableby one or more data consumers 101-104. The data provider 810 may be ableto control, monitor, and increase the security of its data using thecloud computing service 112 using the methods and systems discussedherein. In particular embodiments, the data provider 810 may implement aprivate data exchange on its own online domain using the functionality,methods, and systems provided by cloud computing service 112. Dataproviders 810 may be any provider of data, such as retail companies,government agencies, polling agencies, non-profit organizations, etc.The data consumers 101-104 may be internal to the data provider 810 orexternal to the data provider 810. A data consumer that is internal tothe data provider may be an employee of the data provider. The dataprovider may be a bike-share company, which provides bicycles for adaily, monthly, annual, or trip-based fee. The bike share company maygather data about its users, such as basic demographic information aswell as ride information, including date of ride, time of ride, andduration of ride. This information may be available to employees of thebike share company via the cloud computing service 112.

The interaction between a data provider 810, private data exchange 812(as implemented by cloud computing service 112), and a data consumer maybe as follows. The data provider may create one or more listings 811using data sets 820. The listings may be for any suitable data. Forexample, a consumer data company may create a listing called “videostreaming” that contains data related to the video streaming habits of alarge number of users. The data provider may set listing policies 821related to who may view the listing 811, who may access the data in thelisting 811, or any other suitable policy. Such listing policies arediscussed above with reference to FIG. 2 . The data provider 810 maythen submit to the private exchange 812 at step 813. The private dataexchange 812 may be embedded inside a web domain of the data provider810. For example, if the web domain of the consumer data company iswww.entityA.com, the private data exchange may be found atwww.entityA.com/privatedataexchange. The private data exchange 812 mayreceive the listing and approve it at step 814 if the listing complieswith one or more rules as determined by the cloud computing service 112.The private data exchange 812 may then set up access controls at 815 atleast in part according to the listing policies what were set in step821. The private data exchange 812 may then invite members at step 816.The members may be data consumers 801. The data consumers 801 may acceptthe invitation at step 817 and then may begin consuming the data at 818.The type of data consumption may depend on the access controls that wereestablished at 815. For example, the data consumer may be able to readthe data only or share the data. As another example, a data consumer maybe able to do any combination of the above read, or share operations onthe data, subject to the access controls. In general, data sharing doesnot involve altering shared data.

In some embodiments, a data consumer 801 may independently access theprivate data exchange 812, either by directly navigating to the privatedata exchange 812 in a browser, or by clicking on an advertisement forthe private data exchange 812, or by any other suitable mechanism. Aprivate data exchange may also be rendered via custom or other code byaccessing listing and other information via an API. If the data consumer801 wishes to access the data within a listing and the listing is notalready universally available or the data consumer 801 does not alreadyhave access, the data consumer 801 may need to request access at step820. The data provider may approve or deny the request at 822. Ifapproved, the private data exchange may grant access to the listing at823. The user may then begin consuming the data as discussed above.

In particular embodiments, one or more data exchange administratoraccounts may be designated by the cloud computing service 112. The dataexchange administrator may manage members of the private data exchangeby designating members as data providers 810 or data consumers 801. Thedata exchange administrator may be able to control listing visibility byselecting which members can see a given listing. The data exchangeadministrator may also have other functions such as approving listingsbefore they are published on the private data exchange, track usage ofeach of the listings, or any other suitable administrative function. Insome embodiments, the data provider and the data exchange administratorare part of the same entity; in some embodiments, they are separateentities. The provider may create listings, may test sample queries onthe data underlying a listing, may set listing access, grant access tolisting requests, and track usage of each of the listings and the dataunderlying the listings. A data consumer 801 may visit a private dataexchange and browse visible listings which may appear as tiles. Toconsume the data underlying a listing, the consumer may eitherimmediately access the data, or may request access to the data.

FIG. 9 is an example private data exchange 900 in accordance with anembodiment of the present invention. Private data exchange 900 may bewhat a data consumer sees when she navigates to the private dataexchange on the web. For example, the data consumer may enterwww.entityA.com/privatedataexchange in her browser. As discussed herein,“Entity A Data Exchange” may be a private data exchange that isfacilitated by the cloud computing service 112 and is embedded intoEntity A's own web domain or into an application, or may be accessed viaan API. Private data exchange 900 may include several listings fordifferent data sets, for example listings A-L. The listing A-L may alsobe referred to herein as a data catalog, which may allow visitors to theprivate data exchange to view all the available listings in the privatedata exchange. These listings may be placed by an administrator internalto Entity A. Providing a data catalog in this manner may serve tocombine the benefits of crowdsourced content, data quality, and theright level of centralized control and coordination that can overcomethe challenges that have slowed the adoption of other approaches toenterprise data cataloging (e.g., indexing and crawling systems). Itallows users across an enterprise to contribute data, use data fromother groups, and join data together to create enriched data products,for both internal use as well as potentially for external monetization.

As an example and not by way of limitation, Entity A may be a consumerdata company that has collected and analyzed the consuming habits ofmillions of individuals in several different categories. Their data setsmay include data in the following categories: online shopping, videostreaming, electricity consumption, automobile usage, internet usage,clothing purchases, mobile application purchases, club memberships, andonline subscription services. Each of these data sets may correspond todifferent listings. For example, Listing A may be for online shoppingdata, Listing B may be for video streaming data, Listing C may be forelectricity consumption data, and so on. Note that the data may beanonymized so that individual identities are not revealed. The listingslocated below line 915 may correspond to third-party listings thatentity A may allow on its private data exchange. Such listings may begenerated by other data providers and may be subject to approval byEntity A before being added to the private data exchange 900. A dataconsumer may click on and view any of the listings subject to variousaccess controls and policies as discussed above with reference to FIGS.2, 4, and 8 .

In particular embodiments, a data provider may invite members to accessits private data exchange, as discussed with reference to FIG. 8 . Oneclass of members may be the physical and digital supply chain suppliersof the data provider. For example, a data provider may share data withsuppliers on its inventory levels or consumption of things provided bythe suppliers, so they can better meet the needs of the data provider.In addition, digital data providers may provide data directly into itsprivate data exchange, to make it immediately usable and joinable to theinternal enterprise data, saving costs for both parties on transmitting,storing, and loading the data.

Some companies such as hedge funds and marketing agencies bring in datafrom many external sources. Some hedge funds evaluate hundreds ofpotential data sets per year. A private data exchange may be used to notonly connect with data that has already been purchased, but can also beused to evaluate new data assets. For example, a hedge fund could havepotential data suppliers list their data on their private exchange, andthe fund could explore and “shop” for data in a private data store wherethey are the only customer. Such an internal data store could also“tunnel” in data assets from a public Data Exchange (e.g., the SNOWFLAKEpublic Data Exchange), as discussed with reference to FIG. 11 .

As another example, an existing provider of marketing data to a companycould list some additional datasets that their customer could use viatheir private exchange on a trial basis, and if the customer finds themuseful, the supplier can immediately provide full access through thesame exchange. These arrangements can bring much greater depth of data,bi-directional and much fresher data, and greater trust and transparencyto relationships between suppliers of data and physical goods and theircustomers.

FIG. 10 is a diagram illustrating an example secure view of shared datafrom a private data exchange. When a data consumer 1020 wishes to accessdata in a listing (e.g., Listing H), the cloud computing service 112 mayfacilitate access via a secure view of shared data 1010. The secure viewof shared data 1010 may include metadata 1015 that includes the metadataand access controls discussed herein with reference to FIG. 2 . This mayallow data providers to share data without exposing the underlyingtables or internal details. This makes the data more private and secure.With a secure view of shared data 1010, the view definition and detailsare only visible to authorized users.

In a private data exchange, data may be shared both within the sameentity and between different entities. Additionally, the data sharingmay be one-way, two-way, or multi-way. In one embodiment, his can leadto up to five main use-cases for sharing data: two-way inter-entity,two-way intra-entity, one-way inter-entity, one-way intra-entity, andmulti-way multi-entity. An example of two-way inter-entity data sharingmay be data sharing from portfolio companies to a parent company andbetween portfolio companies. An example of two-way intra entity datasharing may be data sharing from the headquarters of a large company tothe different business units within that company, and also data sharingfrom the business units to headquarters. An example of one-wayinter-entity data sharing may be a large data provider (e.g., a nationalweather service) that shares data with lots of different entities, butdoes not receive data from those entities. An example of one-wayintra-entity may be a large company that provides data to its respectivebusiness units but does not receive data from those business units. Inparticular embodiments, data may be shared as “point-to-point shares” ofspecific data, or as “any-shares.” A point-to-point share of specificdata may include a private data exchange share between a parent companyand specific portfolio companies. An any-share may include a privatedata exchange share from a parent company to a broad group of dataconsumers on a public or within a private exchange.

In particular embodiments, the cloud computing service 112 may generatea private data exchange for an entity who is the owner of the data to beshared on the private data exchange. The cloud computing service 112 maydesignate one or more administrators of the private data exchange. Theseadministrators may have control over the access rights of the privatedata exchange with regard to other users. For example, an administratormay be able to add another user account to the private data exchange anddesignate that account as a data provider, data consumer, exchangeadministrator, or a combination of these.

In particular embodiments, the exchange administrator may controlviewing and access rights to the private data exchange. Viewing rightsmay include a list of entities that may view the listing in the privatedata exchange. Access rights may include a list of entities that mayaccess the data after selecting a particular listing. For example, acompany may publish private data exchange 900 and may include severallistings, Listing A through Listing L. Each of these listings mayinclude their own individual viewing and access rights. For example,Listing A may include a first list of entities that have rights to viewthe listing on the private data exchange 900 and a second list ofentities that have rights to access the listing. Viewing a listing maysimply be to see that the listing exists on the private data exchange.Accessing a listing may be to select the listing and access theunderlying data for that listing. Access may include both viewing theunderlying data, manipulating that data, or both. Controlling viewingrights may be useful for data providers who do not want some users toeven know that a certain listing exists on the private data exchange.Thus, when a user who does not have viewing rights to a particularlisting visits the private data exchange, that user will not even seethe listing on the exchange. In particular embodiments, the abovediscussed viewing and access rights may be provisioned via anapplication program interface (API). The exchange catalog may be queriesand updated via the API. This may allow a data provider to show listingson its own application or website to anyone who visits. When a userwants to access or request access to data, the user may then create anaccount with the cloud computing service 112 and obtain access. In someembodiments, a URL may be called with a user requests access to datawithin a listing. This may allow for integration with external requestapproval workflows. For example, if a user makes an access request, anexternal request approval workflow of the data provider may be accessedand activated. The external request approval workflow may then operatenormally to perform an external request approval process. In someembodiments, a listing may be unlisted, which means that the listingexists but is not visible on the data exchange. To access an unlistedlisting, a consumer may input a global URL into the browser. This mayrequire a unique URL for each listing.

In particular embodiments, when a new private data exchange is createdfor a data provider, the cloud computing service 112 may designate anexchange admin (e.g., the data exchange administrator, as discussedabove), and may also generate the following metadata about the privatedata exchange: the name of the private data exchange, which needs to beunique, a display name, a logo, a short description of the private dataexchange, and an indication of whether approval from the exchange adminis necessary for publishing (e.g., Admin_Approval_for_Publishing). Thismay be a true/false statement. It may be set to true if the exchangeadmin needs to approve listings submitted to the private data exchangebefore they are published. It may be set to false if the exchange admindoes not need to provide such approval. In this case, providers canpublish data directly. If the exchange admin sets theAdmin_Approval_for_Publishing to True, the exchange admin may be able tosee a list of Listings, and select a listing to preview andapprove/reject. The owner of the private data exchange may be theaccount that is paying for the private data exchange. This metadatainformation may be stored as part of an Exchange object. Also stored inassociation with the private data exchange may be the users and accountswho provide data to the exchange, the consumers of the exchange, and theexchange admin(s).

In particular embodiments, the exchange admin may add members (e.g.,data providers and data consumers) to the private data exchange byinviting the members in any suitable manner. For example, by invitingthe users' accounts on the cloud computing service 112, or by sending anemail to the users' email account addresses. When the exchange adminadds a member to the private data exchange, the exchange admin may alsospecify one or more member-types: exchange admin, provider, or consumer.An exchange admin may be able to add and remove members from the privatedata exchange and to edit metadata associated with the private dataexchange. For each user, the exchange admin may designate whether theuser is an exchange admin, a data provider, and a data consumer, ormultiple of these roles. The following table summarizes the rightsassociated with each type of account.

TABLE 1 Rights Associated with Each Type of Private Data ExchangeAccount is_Exchange_ is_Data_ is_Data_ Admin Provider ConsumerDescription False False True Can Discover & Consume listings (subject toListing visibility and access rules), but cannot publish listings FalseTrue True Can Discover & Consume listings (subject to Listing visibilityand access rules), plus can publish listings False True False Canpublish listings, but when they go to the consumer view they only seetheir own listings. They will not be able to ‘get’ their own listing asthey will get a self-sharing prohibited error. True False False Can addmembers, remove members, change member roles, access list of memberaccounts, and edit metadata. True True True Can do everything a dataprovider and a data consumer can do, as well as add members, removemembers, change member roles, access list of member accounts, and editmetadata.

In some embodiments, if the exchange admin removes a member or changes amember's type from provider to a consumer only, then existing listingspublished by that member may become unpublished from the Exchange.Additionally, existing shares added to the Exchange by the member are nolonger considered part of the private data exchange. The listingspublished by that member may be archived, and are no longer visible inthe UI to anyone, including the member. The cloud computing service 112can un-archive this if the same member (same account on the cloudcomputing service 112) who has been removed is made a Provider again.

In some embodiments, the exchange admin may be able to specify a list ofcategories as well as edit an existing list. Categories may have iconsassociated with them, and the exchange admin may be able to specify theicon along with the category name.

When a member becomes a data provider, a provider profile may begenerated that includes a logo, a description of the provider, and a URLto the provider's website. When submitting listings, a provider may dothe following: select which private data exchange to publish the data in(e.g., many private exchanges may exist and the provider may need toselect a subset of these exchanges, which may be one or more), and setmetadata about the new listing. The metadata may include a listingtitle, a listing type (e.g., Standard or Personalized), a listingdescription, one or more usage examples (e.g., title and samplequeries), a listing category, which may be input as free form text, anupdate frequency for the listing, a support email/URL, and adocumentation link. The provider may also set access for the listing.The provider may allow the exchange admin to control the visibility ofthe listing, or the provider may retain that control for itself. Theprovider may also associate a share with a listing. For a standardshare, a listing may be associated with zero or more shares. Theprovider may associate shares to a listing through the UI or SQL. Forpersonalized shares, when the provider provisions a share in response toa request, the provider may associate that share with the listing. Whenthe provider wishes to publish the listing, the listing may first needapproval from the exchange admin, depending on the publishing rules ofthe private data exchange.

FIG. 11 is a diagram illustrating an example tunneling of a data listingbetween a public data exchange and a private data exchange.Alternatively, data may be tunneled between two public data exchanges orbetween two private data exchanges, or from one public exchange tomultiple private exchanges, or any other suitable combination. In someembodiments, an entity may wish to offer a publicly listed data listingon its private data exchange. For example, Entity B may wish to includeListing F of public data exchange 1100 on its own private data exchange1000. The data underlying Listing F may be tunneled from public dataexchange 1100 to private data exchange 1000. In particular embodiments,data may be tunneled between two private data exchanges. At times, afirst data provider may wish to allow a second data provider to listdata belonging to the first data provider on a private data exchange ofthe second data provider. Tunneling of data listings may allow the twodata providers to offer the same listing. As an example, Entity A andEntity B may have a business agreement to share listing F on each oftheir private data exchanges. Listing F may be the property of Entity A,but Entity B may have a license to offer it on its private data exchangeas well. In this case, both of the listings titled “Listing F” willpoint to the same data set stored in cloud computing platform 110. Thetunnel 1015 is a representation to illustrate that Listing F may beshared securely and easily between two or more data exchanges 1100 and1000. No data is copied or transferred in the tunneling. Instead, eachlisting contains a pointer to the data referenced by Listing F asdiscussed herein.

In particular embodiments, tunnel linking may be accomplished between aprivate data exchange and a public data exchange, or vice versa. Forinstance, data exchange 1100 may be a public data exchange. Entity B mayuse a listing listed on the public data exchange 1100 on its own privatedata exchange 1000 via tunnel 1015. In some embodiments, a data listingmay be tunneled from one data exchange to another data exchange and thenthe underlying data may be joined with another data set, and then a newlisting may be generated from the combined data set. As an example andnot by way of limitation, a first data set may be listed on a privatedata exchange that includes NBA player shooting statistics over the lastfive years. A second data set may be listed on a different data exchangethat includes weather data over the same time span. These two data setsmay be joined and listed as a new listing in either a private or apublic data exchange. Data consumers may then access this data set,subject to the viewing and access controls discussed herein, to gaininsight into how the weather might affect player shooting percentages.Additionally, if data is listed on a public data exchange (e.g., a dataexchange hosted by the cloud computing service 112), this data may betunneled to a private data exchange.

In some embodiments, tunneling of datasets may be used to create an“industry-wide” data exchange that is either public or private. Manydifferent entities may tunnel datasets to a “mega ecosystem dataexchange.” If a private ecosystem data exchange really takes off, itcould become so big and influential that it could become the standardplace for a whole industry to interchange, collaborate around, andmonetize data. There is probably room for one or two “mega ecosystemdata exchanges” in each industry. Once any one gains significanttraction, it could become the “go to” place for that industry. If morethan one viable exchange emerges in an industry, the respective hosts ofthese could decide to partner and “cross-tunnel” some (but maybe notall) assets between their exchanges to get critical mass.

While it is possible that industry coalitions could host such exchangesvia tunneling, it may be more likely that one or two large players ineach industry will bootstrap ecosystem private data exchanges fast andbroadly enough to become the defacto data exchange for their industry.This provides a significant incentive for companies that want to becomemajor players in the data side of their industries to start as soon asthey can to build their internal data exchanges and then open them upquickly to their suppliers, customers, and partners.

FIG. 12 is a diagram illustrating an example data query and deliveryservice 1200 according to some embodiments of the invention. Data queryand delivery service 1200 illustrates four ways a data provider may beable to share data. The first way is through a data exchange 900. Thedata exchange 900 may be a public data exchange or a private dataexchange. The data provider 1210 may list 1211 the data on the dataexchange according to the methods and systems described herein withreference to FIGS. 2, 4, and 8 . The data consumer 1220 may access thedata in the listings by either accepting an invitation from the dataprovider as discussed herein or by requesting 1212 access to the listingas discussed herein with reference to FIG. 8 . The second way data maybe shared is by directly sharing the data at 1213. This may be apoint-to-point share as discussed with reference to FIG. 4 , or may beany other suitable type of share, accomplished using the secure datashare methods discussed herein. Note that the data provider 1210 and thedata consumer 1220 are both users of the cloud computing service 112. Ifthe data provider 1210 wishes to share data with a non-user 1230, thisis possible as a third way to share the data, with a reader account 1215a or with a reader/writer account 1215 b. Here the non-user may need tohave a reader account but may not need to be an actual user of the cloudcomputing service 112. A reader account may allow the non-user 1230 toview the data but do nothing else to the data. Finally, a fourth way toshare data is via a file drop to cloud storage 1214. Here the dataprovider 1210 may make a copy of a data set 1216 and may allow foranother non-user 1230 to have the data set 1216. This way of sharingdata may not allow the data provider 1210 to retain control of the dataset. Thus, using the fourth way, the non-user 1230 may be able to view,manipulate, and re-share the data.

Global Data Sharing

As described above, the private data exchange is used within one dataregion of a cloud computing service or within a single cloud computingservice. A customer may like to be able to have one or more listingsacross multiple regions of a cloud computing platform and/or acrossmultiple cloud computing platforms. In order for a data provider toshare data sets across multiple cloud computing platform regions and/ormultiple cloud computing platforms, the data providers would need to setup accounts in different regions, login to each account to setupreplication, and refresh using tasks. The data provider would need toshare with the consumer in the target region as well as needing toreplicate the entire database. This whole process adds significantoverhead for a data provider. In addition, when a virtual private cloud(VPC) customer wants to consume shared data through the data exchange,this customer currently does not have a way to do this within their VPCaccount. A workaround, such as asking the customer to open amulti-tenant account and persisting the shared data there, puts a burdenon the consumer. In one embodiment, a multi-tenant account is an accountin a system that supports isolation of computing resources and databetween different customers/clients and between different users withinthe same customer/client. Thus it is difficult. It would be useful to adata provider (and to a customer who consume this data) to achievecross-region and cross-cloud data sharing.

In one embodiment, for global data sharing, there are two types of data:standard and personalized. Standard data represent data that is the samefor every consumer. For example, there is no dynamic filtering of rowsbased on the consumer's account. In contrast, personalized datarepresents data that is unique to each consumer (or a group ofconsumers). In one embodiment, personalized data can have a secure viewto dynamically filter rows of the data based on the consumer's account,so each consumer sees their own slice of the data. In a furtherembodiment, for a data provider, this can mean they can create a viewfor some, or all their consumers instead of a view for each consumer.

In one embodiment, a listing for shared data can include metadataassociated with zero or more shares, or collection of database (DB)objects. In addition, the listing can be for free data or paid data.Furthermore, a data provider can grant access to a consumer for shareddata depending on whether the shared data is standard, where thecustomers each get access to the same shared data, or whether the shareddata is personalized, where data is shared on an individual or groupbasis. For personalized data, in one embodiment, a data provider addseach customer of the data to an entitlements table. Alternatively, anon-personalized data may still require some sort of approval processfor the customer to access the data. For example and in one embodiment,in a private exchange, getting access to a share might need an approvalworkflow even though the data itself is not personalized. Thus, in oneembodiment, for a standard data share, a data provider does not need tobe in the request fulfillment loop. Any consumer account that discoversthe listing can access the data and use this data to create a databasefrom it. Alternatively, for data shared by request, a data provider willneed to explicitly add the consumer to the share.

In another embodiment, standard shares may exist in the context of thedata exchange (whether, public or private) as the data exchangerepresents the membership base that it is made available to and howlistings are discovered. In one embodiment, data shared by a dataprovider is also called a data share. In one embodiment, a consumershould not really care about the underlying share type (e.g., Standardor By Request). In addition, a consumer can always interact with thestandard listing. In this embodiment, a data provider will have to beaware of shares to create them. However, the data exchange will handlethe creation of these shares.

In one embodiment, data shares outside of an exchange are, bydefinition, By Request shares. In addition, the data exchange caninclude unlisted or undiscoverable Standard Listings which do not havean entry in a data exchange. The effective membership base for this isany Snowflake customer. The listing, however, is not discoverable byconsumers as the data provider would send around a listing URL. In thisembodiment, anyone who views that URL and logs into the data exchangecan view the data and, for example, create a DB from the share.

In one embodiment, both Standard Listings and By Request listings couldbe free or paid. If the data share is free, a consumer can create a DBfrom the shared data, once the consumer accepts the provider terms. Ifdata share is paid, the consumer can accept terms and arrange forpayment. Then the consumer can create a DB from share. In oneembodiment, for a standard listing, the data can be available in aregion or not: If the data is not yet available in a region, consumerstill clicks get and can create a DB from the share. At this point, thedata exchange can let them know that the data will be available in acertain amount of time (e.g., could have visual countdown if it's inseconds or progress bar indication in the UI). In one embodiment, apersonalized data share can be a type of By Request share or listing.

FIG. 13A is a block diagram of an example system 1300 of multiple cloudcomputing platform sharing data with a data exchange. In FIG. 13A, thesystem 1300 includes two different cloud computing platforms 1302A-B,where each of the cloud computing platforms 1302A-B can be one of thecloud computing platforms described above in FIG. 1 . Each of the cloudcomputing platforms 1302A-B are coupled to a data exchange 1306. In oneembodiment, the data exchange 1306 is similar to the data exchangesdescribed above, with the exception that data exchange 1306 can supportdata sharing across multiple cloud computing platforms, such as cloudcomputing platforms 1302A-B.

In one embodiment, cloud computing platform 1302A includes data providershare 1304. In this embodiment, the data provider shares some or all ofits data 1304 via the data exchange 1306 that is visible to dataconsumers in both cloud computing platforms 1302A-B. For example and inone embodiment, data consumer 1308 that is in a different cloudcomputing platform (e.g., cloud computing platform 1302B) can view thelisting for the data provider share 1304 via the data exchange. If thedata consumer 1308 requests the listing, in response, the data exchange1306 can create a provider account in cloud computing platform 1302B forthe data provider share 1304, and replicate the data share to the cloudcomputing platform 1302B. With the data share replicated 1310 in cloudcomputing platform 1302B, the data consumer 1308 can access the data. Inone embodiment, the data exchange 1306 can replicate the entire dataprovider share 1304, or can replicate some of the data provider share1304. In one embodiment, the data provider indicates which parts of thedata provider share 1304 to be replicated. In another embodiment, thedata exchange 1304 infers what parts of the data provider share 1304 toreplicate. In this embodiment, the data exchange can infer the objectsof the data provider share that need to be replicated, the frequency aswhich these objects need to be replicated, and/or region of the consumeraccount and the corresponding provider secondary account.

FIG. 13B is a block diagram of an example system 1320 of a cloudcomputing platform sharing data with a data exchange across multipleregions of the cloud computing platform. In FIG. 13B, the system 1320includes a cloud computing platform with two different regions 1322A-B,where each of the cloud computing platforms region 1322A-B can be adifferent geographic region for that cloud computing platform (e.g.,US-West, US-East, Europe, Asia, and/or another type of geographicregion). In one embodiment, each of the cloud computing platform regions1322A-B are coupled to a data exchange 1306. In one embodiment, the dataexchange 1306 is similar to the data exchanges describe, with theexception that data exchange 1306 can support data sharing acrossmultiple cloud computing platforms, such as cloud computing platformregions 1322A-B.

In one embodiment, the cloud computing platform region 1322A includesdata provider share 1304. In this embodiment, the data provider sharessome or all of its data 1304 via the data exchange 1306 that is visibleto data consumers in both cloud computing platforms 1302A-B. For exampleand in one embodiment, data consumer 1308 that is in a different cloudcomputing platform region (e.g., cloud computing platform region 1302B)can view the listing for the data provider share 1304 via the dataexchange. If the data consumer 1308 requests the listing, in response,the data exchange 1306 can create a provider account in cloud computingplatform region 1322B for the data provider share 1304, and replicatethe data share to the cloud computing platform region 1322B. With thedata share replicated 1310 in cloud computing platform region 1322B, thedata consumer 1308 can access the data. In one embodiment, the dataexchange 1306 can replicate the entire data provider share 1304, or canreplicate some of the data provider share 1304. In one embodiment, thedata provider indicates which parts of the data provider share 1304 tobe replicated. In another embodiment, the data exchange 1304 infers whatparts of the data provider share 1304 to replicate. In this embodiment,the data exchange can infer the objects of the data provider share thatneed to be replicated, the frequency as which these objects need to bereplicated, and/or region of the consumer account and the correspondingprovider secondary account.

In one embodiment, there are different types of use cases for datasharing across deployments, such as across regions, across clouds,and/or as well as into/out from a VPC. For example and in oneembodiment, a data provider can provide non-personalized By Request datashares either in a data exchange or outside of the data exchange, whereconsumers can be in different deployments. In one embodiment, this isthe basic building block that some of the other type can be built on.Another use case type is a data provider of a standard listing that usedfor many different consumers (e.g. weather data on a public or privateexchange). A third use type case can be a data provider of personalizedshares/listings. This use case type could be on the public dataexchange, in a private data exchange, or outside the Exchange (just datasharing). Lastly, a use case type could be a consumer on VPC wantingaccess to a data share in a cloud computing platform. In one embodiment,an additional nuance is that a private data exchange adds that providersare added by the data exchange administrator. The data exchangeadministrator would ideally like to not have to train the providers inmanaging the complexities of setting up replication to share data fromthat provider to other private exchange members who may be on differentregions/clouds.

In one embodiment, a reservations data provider wants to share selecttables and/or views whose data is stored on is the US-West region of acloud computing platform and with a marketing data firm (whose mainaccount is on the same cloud computing platform, but in a differentregion, say US-East). In this embodiment, the reservations data provideris a customer of marketing data provider. A primary goal is formarketing data provider to process and incorporate this info into aproduct of the marketing data provider. In one embodiment, costs shouldimpact marketing data provider data exchange account, but not theaccount of the reservations data provider. In this embodiment, asecondary goal is for the marketing data provider to share certain viewsfrom the marketing data provider to reservations data provider. In thiscase, the reservations data provider is a customer of the marketing dataprovider, and so the marketing data provider does not want to makereservations data provider do the work. In addition, the marketing dataprovider have a view that references objects in another database, soboth databases must be replicated. In one embodiment, the reservationsdata provider determines which tables and/or views to list in the dataexchange. In response to the marketing data provider requesting the datashare via the data exchange, the data exchange creates an account in theUS-East region of the cloud computing provider and replicates therelevant data shares of the reservations data providers (e.g., the maindata share indicated by the reservations data provider as well as thedependent data). Sharing data across cloud computing platforms and/orregions is described further in FIG. 14 below.

In a further embodiment, in a private exchange, a non-profit researchinstitution wants listings that members have to request access to. Inthis embodiment, these requests trigger a workflow with cloud computingplatform, and each consumer is added once the approval is done. This isa common scenario in private exchange, where the data is notpersonalized but the consumer needs to go through an approval workflow.Sharing data across cloud computing platforms and/or regions using anapproval workflow is described further in FIG. 14 below.

In another embodiment, is that a data provider wishes to replicate acustomized set of data shares for a consumer across different cloudcomputing platforms and/or regions. In this embodiment, the dataprovider wishes only to replicate certain tables of their database. Atransportation analytics company its data in a cloud computing service,where each table contains data for a specific dataset. This companyshares specific datasets with customers based on what datasets thatcustomer is subscribed to. The transportation analytics company wants tomodel their data in cloud computing service independent of how shareswill be created. Then, when the transportation analytics company createsshares for specific customers, they want only those tables to bereplicated. Sharing data across cloud computing platforms and/or regionsusing an approval workflow is described further in FIG. 14 below.

In one embodiment, a standard listing on a public exchange can representincreased opportunities for the data exchange and/or the cloud computingservice. Paid standard shares present a new revenue stream withmonetization. In one embodiment, an experience for the consumer to beable to get the free or paid listing as immediately as possible. Sincethe provider is not explicitly adding the consumer to the share, theyare not in the user flow. In addition, a data provider has also said itwould also be ideal to incur replication cost based on demand. Forexample and in one embodiment, a weather data provider has madeavailable a free subset of their data as a free standard listings andwish to have a paid standard listing, where a customer can immediatelypay and get the pre-defined package. Third, for more custom packagesthey want the consumer to contact them and they will set up a directshare with the consumer. The most likely scenario in this case is thatfree listing is made available in (almost) all regions. For the paidlisting, data providers would want it to be available on any deploymentas soon as there is at least one paying consumer in that deployment orif the cloud computing service covers replication cost. Note that whilefree vs paid shares could be set up as a filter on rows (secure viewwithin one share) or set up as separate shares altogether, one scenariois that these are two separate shares. For example, a retail analyticsprovider would make a different share with a different set of objectsavailable for free vs paid. Within the paid share, this data providerwould have the ability for the consumer to select which rows they want,to create. dynamically created packages. For instance, a consumer willselect through the data exchange user interface that they want onlylocation data for “Type=McDonald's” and “State=CA”, and therefore payonly for the rows they get.

In one embodiment, various scenarios can be handled using the datareplication described above. For example and in one embodiment, a branddata provider is building its data-driven marketing solution on a cloudcomputing service. They will be a provider of both standard andpersonalized shares, on the public exchange. They have hundreds of TBsof data and can have hundreds of clients to share with, where most ofwhom will be new to the cloud computing service. Based on the data set aclient has purchased on their platform, they automatically insert theclients ID into an entitlements table in the cloud computing service andadd their consumer account to the share. They want this automaticsharing pipeline to work across regions & clouds with little or nomanual effort. In addition, the brand data provider may also want toshare data into a VPC.

A customer relationship company builds mobile marketing campaigns andshares the results with customers via the data exchange. In one example,the campaign data arrives into their 50 TB event table at least every 15minutes and consumer-specific data gets shared with consumers. Inaddition, this company wants a 15-minutes latency (or less) to theirconsumers.

An equipment manufacturer wants to share machine health data with 200dealers so they can take corrective actions. Data is not large in volumebut is coming throughout the day and they want latency and/or freshnessguarantees for their dealers. “I expected remote data sharing to be acontinuous data stream instead of a batch model.” The company will setup secure views based on an entitlements table that maps dealers toequipment, so that each dealer only sees rows that are relevant forthem.

In another example, and embodiment, VPC customers want to consume sharesfrom data providers who are in a multi-tenant deployment. In oneembodiment, a VPC is an on-demand configurable pool of shared computingresources allocated within a public cloud environment, providing a levelof isolation between the different organizations using the resources.For example, a financial company wants to consume marketing data fromcompanies like marketing companies. However, when directly consumingdata from these data sources, considerable effort is necessary to ingestthe data, and manage and maintain the ingestion process, and changemanagement of the underlying schemas. Solving problems, which usuallyare called “first mile problem of data ingestion,” can providetremendous benefits. The financial company can have the data processedby a third party before ingesting the data from the exchange. Inaddition, the financial company has multiple business units (Bus), whichhave different needs and visibility requirements for shared data. Forthat reason, the financial company needs the ability to apply finegrained security controls when sharing the data provided by the thirdparty company to its internal customers (BUs). Furthermore, any solutionto be considered must be easy to use (no additional coding and/orengineering time), robust (no fragile ongoing or maintenance processes.)Handling a workflow of this type is further described in FIG. 16 below.

FIG. 14 is a process flow diagram of a method 1400 for sharing dataacross multiple cloud computing services and/or across multiple regionswith a cloud computing service. In general, the method 1400 may beperformed by processing logic that may include hardware (e.g.,processing device, circuitry, dedicated logic, programmable logic,microcode, hardware of a device, integrated circuit, etc.), software(e.g., instructions run or executed on a processing device), or acombination thereof. For example, the processing logic may beimplemented as exchange manager 124. Method 1400 may begin at step 1402,where the processing logic receives an indication for data sharingacross different cloud computing platforms or a cloud computing platformthat has multiple regions. In one embodiment, a data provider can createa listing that is a standard one available to all customers, a datashare that is available by request, and/or other types of data share asdescribed above. Creating a list is further described in FIG. 15 below.At block 1404, processing logic receives request for listing of datasharing. In one embodiment, the request is associated with a customeraccount for an account that is part of a cloud computing platform orcloud computing platform region. For example and in one embodiment, therequest could be associated with a customer account that is a differentcloud computing platform and/or cloud computing platform region that isdifferent with the cloud computing platform and/or cloud computingplatform region associated with the listing. Processing logic determinesif a provider customer account is allowed in the cloud computingplatforms and/or cloud computing platform regions associated with thelisting request. For example and in one embodiment, the provider mayhave information that is not allowed out a certain region (e.g.,security data). If not, executing proceeds to block 1406, where an erroris returned. If the provider customer account is allowed, processinglogic creates the customer account the listing request at block 1410. Inone embodiment, if the request is for a consumer that is in differentcloud computing platforms and/or cloud computing platform regions,processing logic creates a provider account in that cloud computingplatforms and/or cloud computing platform regions, so the data providercan share the data with the requesting customer.

At block 1412, processing logic shares the data. In one embodiment,processing logic shares the data by replicating the data to the cloudcomputing platforms and/or cloud computing platform regions associatedwith the consumer who made the original listing request. In oneembodiment, processing logic can replicate the entire data share, orparts of the data share. In this embodiment, processing logic can inferwhich parts of the data is to be shared based on characteristics of therequesting consumer (geographical, temporal, etc.). In a furtherembodiment, processing logic can customize the data based on theconsumer (e.g., paid data represents one view as opposed to unpaid data,data shared is based on the region of the consumer, a consumer'saffiliations, and/or other types of characteristics). Processing logicsets up tasks for frequency replication at block 1414. In oneembodiment, by setting up these tasks, the data that is shared with thedifferent cloud computing platforms and/or cloud computing platformregions can be periodically refreshed, so that the data provider orconsumer does not need to manually refresh the data.

In FIG. 14 , a consumer requests shared data across different cloudcomputing platforms and/or cloud computing platform regions. In oneembodiment, the data provider can create a listing that allows for datato replicated across different cloud computing platforms and/or cloudcomputing platform regions. FIG. 15 is a process flow diagram of amethod 1500 for creating a listing within a data exchange, where thelisting is available in different cloud computing services and/or inmultiple regions with a cloud computing service. For example, theprocessing logic may be implemented as exchange manager 124. Method 1500may begin at step 1502, where the processing logic receives a request tocreate a data listing from a data provider. In one embodiment, the datalisting can include a listing types (e.g., Standard or By Request,whether a free or a paid listing, what data is to be shared (e.g., whichtables, rows, etc. of a database to share), any sharing restrictions,data provider information, and/or other information used for thelisting. At block 1504, processing logic creates the listing in the dataexchange. Processing logic can pre-emptively replicate the shared data,based on characteristics of the data to be shared and the cloudcomputing entities (e.g., cloud computing platforms and/or cloudcomputing platform regions) for the listing. For example and in oneembodiment, processing logic may share standard data to different cloudcomputing platforms where existing consumers are present, or maypreemptively share data based on geographic regions (e.g., sharingweather data based on cloud computing platform regions), and/or othercharacteristics. Processing logic sets up tasks for frequencyreplication at block 1508. In one embodiment, by setting up these tasks,the data that is shared with the different cloud computing platformsand/or cloud computing platform regions can be periodically refreshed,so that the data provider or consumer does not need to manually refreshthe data.

In one embodiment, another type of sharing model is one where a dataprovider provides the shared data to one or more third party entitiesbefore sharing the data with the consumer. This can be used topersonalize the shared data for the consumer. FIG. 16 is a process flowdiagram of a method 1600 for creating a listing for personalized shareswithin a data exchange, where the listing is available in differentcloud computing services and/or in multiple regions with a cloudcomputing service. For example, the processing logic may be implementedas exchange manager 124. Method 1600 may begin at step 1602, where theprocessing logic receives a request to create a listing from a dataprovider at block 1602. In one embodiment, a data provider can create alisting that is a standard one available to all customers, a data sharethat is available by request, and/or other types of data share asdescribed above. In a further embodiment, the listing can include a setof cloud computing platforms and/or cloud computing platform regionswhere the list can be visible. Listing could be visible in all possiblecloud computing regions and/or cloud computing platforms clouds or canbe a subset of all possible cloud computing regions and/or cloudcomputing platforms clouds. In addition, the listing can include otherinformation (e.g., allowed consumers for the data). Processing logiccreates the listing in the data exchange at block 1604. In oneembodiment, processing logic creates the listing by creating anentitlements map, which maps a consumer identifier to the data provider.In addition, the listing can include a secure view of the data, which isadded to the shared data.

At block 1606, processing logic determines which third party accountwill receive the data. In one embodiment, the shared data can bereplicated to another party for processing before the data is sharedwith a consumer. Processing logic determines which objects are to bereplicated to potential third parties at block 1608. At block 1610,processing logic replicates the data to the third party accounts.Processing logic determines the secure view for the shared data forpotential consumers at block 1612. In one embodiment, a secure view isused to create a secure way for the potential consumers to access theshared data. In this embodiment, there can be different secure view fordifferent potential consumers, group of consumers, or the same secureview for all potential consumers.

At block 1614, processing logic can pre-emptively replicate the shareddata and the entitlements table, based on characteristics of the data tobe shared and the cloud computing entities (e.g., cloud computingplatforms and/or cloud computing platform regions) for the listing. Forexample and in one embodiment, processing logic may share standard datato different cloud computing platforms where existing consumers arepresent, or may preemptively share data based on geographic regions(e.g., sharing weather data based on cloud computing platform regions),and/or other characteristics.

Processing logic receives a listing request at block 1616. In oneembodiment, the request is associated with a consumer account for anaccount that is part of cloud computing platform and/or cloud computingregion. For example, and in one embodiment, the request could beassociated with a consumer account that is on a different cloudcomputing platforms and/or cloud computing platform regions that isdifferent with the cloud computing platforms and/or cloud computingplatform regions than associated with the listing. Processing logicdetermines if a provider customer account is allowed in the cloudcomputing platform, cloud computing platform region, and/or VPCassociated with the listing request. For example and in one embodiment,the provider may have information that is not allowed out a certainregion (e.g., security of data, personally identifiable information,government restrictions, and/or other types of restrictions). If not,processing logic returns an error. If the provider customer account isallowed, processing logic creates the customer account the listingrequest at block 1618. In one embodiment, if the request is for aconsumer that is in different cloud computing platform, cloud computingplatform region, and/or VPC, processing logic creates a provider accountin that cloud computing platforms and/or cloud computing platformregions, so the data provider can share the data with the requestingcustomer.

At block 1620, processing logic shares the data using the secure viewassociated with the consumer. In one embodiment, processing logic sharesthe data by replicating the data using the secure view to the cloudcomputing platforms and/or cloud computing platform regions associatedwith the consumer who made the original listing request. In oneembodiment, processing logic can replicate the entire data share, orparts of the data share. In this embodiment, processing logic can inferwhich parts of the data is to be shared based on characteristics of therequesting consumer (geographical, temporal, etc.). Processing logicsets up tasks for frequency replication at block 1622. In oneembodiment, by setting up these tasks, the data that is shared with thecloud computing platforms and/or cloud computing platform regions can beperiodically refreshed, so that the data provider or consumer does notneed to manually refresh the data.

FIG. 17 is a process flow diagram of a method 1700 for sharing data witha VPC. For example, the processing logic may be implemented as exchangemanager 124. Method 1700 may begin at step 1702, where the processinglogic receives a listing request from a consumer using a VPC. In oneembodiment, processing logic uses an account of the VPC that has beencreated beforehand to share the data. At block 1704, processing logicreplicates the data to the consumer's VPC using the account. In oneembodiment, processing logic can replicate the entire data share, orparts of the data share. In this embodiment, processing logic can inferwhich parts of the data is to be shared based on characteristics of therequesting consumer (geographical, temporal, etc.). In this embodiment,the consumer sees the data share though a user interface associated withthe VPC account. The consumer can create a database from the shareddata. Processing logic sets up tasks for frequency replication at block1706. In one embodiment, by setting up these tasks, the data that isshared with the VPC can be periodically refreshed, so that the dataprovider or consumer does not need to manually refresh the data.

FIG. 18 is a block diagram of an example computing device 1800 that mayperform one or more of the operations described herein, in accordancewith some embodiments. Computing device 1800 may be connected to othercomputing devices in a LAN, an intranet, an extranet, and/or theInternet. The computing device may operate in the capacity of a servermachine in client-server network environment or in the capacity of aclient in a peer-to-peer network environment. The computing device maybe provided by a personal computer (PC), a set-top box (STB), a server,a network router, switch or bridge, or any machine capable of executinga set of instructions (sequential or otherwise) that specify actions tobe taken by that machine. Further, while only a single computing deviceis illustrated, the term “computing device” shall also be taken toinclude any collection of computing devices that individually or jointlyexecute a set (or multiple sets) of instructions to perform the methodsdiscussed herein.

The example computing device 1800 may include a processing device (e.g.,a general purpose processor, a PLD, etc.) 1802, a main memory 1804(e.g., synchronous dynamic random access memory (DRAM), read-only memory(ROM)), a static memory 1806 (e.g., flash memory and a data storagedevice 1818), which may communicate with each other via a bus 1830.

Processing device 1802 may be provided by one or more general-purposeprocessing devices such as a microprocessor, central processing unit, orthe like. In an illustrative example, processing device 1802 maycomprise a complex instruction set computing (CISC) microprocessor,reduced instruction set computing (RISC) microprocessor, very longinstruction word (VLIW) microprocessor, or a processor implementingother instruction sets or processors implementing a combination ofinstruction sets. Processing device 1802 may also comprise one or morespecial-purpose processing devices such as an application specificintegrated circuit (ASIC), a field programmable gate array (FPGA), adigital signal processor (DSP), network processor, or the like. Theprocessing device 1802 may be configured to execute the operationsdescribed herein, in accordance with one or more aspects of the presentdisclosure, for performing the operations and steps discussed herein. Inone embodiment, processing device 1802 represents cloud computingplatform 110 of FIG. 1 . In another embodiment, processing device 1802represents a processing device of a client device (e.g., client devices101-104).

Computing device 1800 may further include a network interface device1808 which may communicate with a network 1820. The computing device1800 also may include a video display unit 1810 (e.g., a liquid crystaldisplay (LCD) or a cathode ray tube (CRT)), an alphanumeric input device1812 (e.g., a keyboard), a cursor control device 1814 (e.g., a mouse)and an acoustic signal generation device 1816 (e.g., a speaker). In oneembodiment, video display unit 1810, alphanumeric input device 1812, andcursor control device 1814 may be combined into a single component ordevice (e.g., an LCD touch screen).

Data storage device 1818 may include a computer-readable storage medium1828 on which may be stored one or more sets of instructions, e.g.,instructions for carrying out the operations described herein, inaccordance with one or more aspects of the present disclosure. Privatedata exchange instructions 1826 may also reside, completely or at leastpartially, within main memory 1804 and/or within processing device 1802during execution thereof by computing device 1800, main memory 1804 andprocessing device 1802 also constituting computer-readable media. Theinstructions may further be transmitted or received over a network 1820via network interface device 1808.

While computer-readable storage medium 1828 is shown in an illustrativeexample to be a single medium, the term “computer-readable storagemedium” should be taken to include a single medium or multiple media(e.g., a centralized or distributed database and/or associated cachesand servers) that store the one or more sets of instructions. The term“computer-readable storage medium” shall also be taken to include anymedium that is capable of storing, encoding or carrying a set ofinstructions for execution by the machine and that cause the machine toperform the methods described herein. The term “computer-readablestorage medium” shall accordingly be taken to include, but not belimited to, solid-state memories, optical media and magnetic media.

Unless specifically stated otherwise, terms such as “receiving,”“receiving,” “creating,” “determining,” “sharing,” “providing,”“designating,” or the like, refer to actions and processes performed orimplemented by computing devices that manipulates and transforms datarepresented as physical (electronic) quantities within the computingdevice's registers and memories into other data similarly represented asphysical quantities within the computing device memories or registers orother such information storage, transmission or display devices. Also,the terms “first,” “second,” “third,” “fourth,” etc., as used herein aremeant as labels to distinguish among different elements and may notnecessarily have an ordinal meaning according to their numericaldesignation.

Examples described herein also relate to an apparatus for performing theoperations described herein. This apparatus may be specially constructedfor the required purposes, or it may comprise a general purposecomputing device selectively programmed by a computer program stored inthe computing device. Such a computer program may be stored in acomputer-readable non-transitory storage medium.

The methods and illustrative examples described herein are notinherently related to any particular computer or other apparatus.Various general purpose systems may be used in accordance with theteachings described herein, or it may prove convenient to construct morespecialized apparatus to perform the required method steps. The requiredstructure for a variety of these systems will appear as set forth in thedescription above.

The above description is intended to be illustrative, and notrestrictive. Although the present disclosure has been described withreferences to specific illustrative examples, it will be recognized thatthe present disclosure is not limited to the examples described. Thescope of the disclosure should be determined with reference to thefollowing claims, along with the full scope of equivalents to which theclaims are entitled.

As used herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”,“comprising”, “includes”, and/or “including”, when used herein, specifythe presence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof. Therefore, the terminology usedherein is for the purpose of describing particular embodiments only andis not intended to be limiting.

It should also be noted that in some alternative implementations, thefunctions/acts noted may occur out of the order noted in the figures.For example, two figures shown in succession may in fact be executedsubstantially concurrently or may sometimes be executed in the reverseorder, depending upon the functionality/acts involved.

Although the method operations were described in a specific order, itshould be understood that other operations may be performed in betweendescribed operations, described operations may be adjusted so that theyoccur at slightly different times or the described operations may bedistributed in a system which allows the occurrence of the processingoperations at various intervals associated with the processing.

Various units, circuits, or other components may be described or claimedas “configured to” or “configurable to” perform a task or tasks. In suchcontexts, the phrase “configured to” or “configurable to” is used toconnote structure by indicating that the units/circuits/componentsinclude structure (e.g., circuitry) that performs the task or tasksduring operation. As such, the unit/circuit/component can be said to beconfigured to perform the task, or configurable to perform the task,even when the specified unit/circuit/component is not currentlyoperational (e.g., is not on). The units/circuits/components used withthe “configured to” or “configurable to” language include hardware—forexample, circuits, memory storing program instructions executable toimplement the operation, etc. Reciting that a unit/circuit/component is“configured to” perform one or more tasks, or is “configurable to”perform one or more tasks, is expressly intended not to invoke 35 U.S.C.112, sixth paragraph, for that unit/circuit/component. Additionally,“configured to” or “configurable to” can include generic structure(e.g., generic circuitry) that is manipulated by software and/orfirmware (e.g., an FPGA or a general-purpose processor executingsoftware) to operate in manner that is capable of performing the task(s)at issue. “Configured to” may also include adapting a manufacturingprocess (e.g., a semiconductor fabrication facility) to fabricatedevices (e.g., integrated circuits) that are adapted to implement orperform one or more tasks. “Configurable to” is expressly intended notto apply to blank media, an unprogrammed processor or unprogrammedgeneric computer, or an unprogrammed programmable logic device,programmable gate array, or other unprogrammed device, unlessaccompanied by programmed media that confers the ability to theunprogrammed device to be configured to perform the disclosedfunction(s).

Any combination of one or more computer-usable or computer-readablemedia may be utilized. For example, a computer-readable medium mayinclude one or more of a portable computer diskette, a hard disk, arandom access memory (RAM) device, a read-only memory (ROM) device, anerasable programmable read-only memory (EPROM or Flash memory) device, aportable compact disc read-only memory (CDROM), an optical storagedevice, and a magnetic storage device. Computer program code forcarrying out operations of the present disclosure may be written in anycombination of one or more programming languages. Such code may becompiled from source code to computer-readable assembly language ormachine code suitable for the device or computer on which the code willbe executed.

Embodiments may also be implemented in cloud computing environments. Inthis description and the following claims, “cloud computing” may bedefined as a model for enabling ubiquitous, convenient, on-demandnetwork access to a shared pool of configurable computing resources(e.g., networks, servers, storage, applications, and services) that canbe rapidly provisioned (including via virtualization) and released withminimal management effort or service provider interaction and thenscaled accordingly. A cloud model can be composed of variouscharacteristics (e.g., on-demand self-service, broad network access,resource pooling, rapid elasticity, and measured service), servicemodels (e.g., Software as a Service (“SaaS”), Platform as a Service(“PaaS”), and Infrastructure as a Service (“IaaS”)), and deploymentmodels (e.g., private cloud, community cloud, public cloud, and hybridcloud). The flow diagrams and block diagrams in the attached figuresillustrate the architecture, functionality, and operation of possibleimplementations of systems, methods, and computer program productsaccording to various embodiments of the present disclosure. In thisregard, each block in the flow diagrams or block diagrams may representa module, segment, or portion of code, which comprises one or moreexecutable instructions for implementing the specified logicalfunction(s). It will also be noted that each block of the block diagramsor flow diagrams, and combinations of blocks in the block diagrams orflow diagrams, may be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions. These computerprogram instructions may also be stored in a computer-readable mediumthat can direct a computer or other programmable data processingapparatus to function in a particular manner, such that the instructionsstored in the computer-readable medium produce an article of manufactureincluding instruction means which implement the function/act specifiedin the flow diagram and/or block diagram block or blocks.

The foregoing description, for the purpose of explanation, has beendescribed with reference to specific embodiments. However, theillustrative discussions above are not intended to be exhaustive or tolimit the invention to the precise forms disclosed. Many modificationsand variations are possible in view of the above teachings. Theembodiments were chosen and described in order to best explain theprinciples of the embodiments and its practical applications, to therebyenable others skilled in the art to best utilize the embodiments andvarious modifications as may be suited to the particular usecontemplated. Accordingly, the present embodiments are to be consideredas illustrative and not restrictive, and the invention is not to belimited to the details given herein, but may be modified within thescope and equivalents of the appended claims.

The invention claimed is:
 1. A method comprising: generating a consumeraccount for a first cloud computing entity; copying, to the first cloudcomputing entity using the consumer account of the first cloud computingentity, a data set associated with a provider account of a second cloudcomputing entity, wherein the first cloud computing entity and thesecond cloud computing entity represent different regions of a cloudcomputing platform, wherein the provider account of the second cloudcomputing entity does not have access to the first cloud computingentity; and accessing, by the consumer account, the copy of the dataset.
 2. The method of claim 1, wherein a user prohibited from accessingthe data set on the second cloud computing entity is granted access tothe data set on the first cloud computing entity.
 3. The method of claim1, wherein access by a user to the data set on the first cloud computingentity is filtered to restrict access to data associated with the user.4. The method of claim 1, further comprising: allowing access by a userto the data set on the first cloud computing entity; and disallowingaccess by the user to the data set on the second cloud computing entity.5. The method of claim 1, wherein the different regions of the cloudcomputing platform represent different geographic regions.
 6. The methodof claim 1, wherein changes to the data set in one region of the cloudcomputing platform are replicated to other regions of the cloudcomputing platform.
 7. The method of claim 1, wherein the data set iscopied using an approval workflow.
 8. The method of claim 1, wherein thedata set is periodically refreshed to the first cloud computing entity.9. The method of claim 1, wherein a refresh of the data set to the firstcloud computing entity is initiated by a user query to the first cloudcomputing entity.
 10. The method of claim 1, wherein the consumeraccount for the first cloud computing entity is a member of anentitlement table associated with the provider account of the secondcloud computing entity.
 11. A non-transitory machine-readable mediumstoring instructions which, when executed by one or more processors of acomputing device, cause the one or more processors to: generate aconsumer account for a first cloud computing entity; copy, to the firstcloud computing entity using the consumer account of the first cloudcomputing entity, a data set associated with a provider account of asecond cloud computing entity, wherein the first cloud computing entityand the second cloud computing entity represent different regions of acloud computing platform, wherein the provider account of the secondcloud computing entity does not have access to the first cloud computingentity; and access, by the consumer account, the copy of the data set.12. The non-transitory machine-readable medium of claim 11, wherein theinstructions further cause the computing device to grant access to auser, prohibited from accessing the data set on the second cloudcomputing entity, to the data set on the first cloud computing entity.13. The non-transitory machine-readable medium of claim 11, wherein theinstructions further cause access by a user to the data set on the firstcloud computing entity to be filtered to restrict access to dataassociated with the user.
 14. The non-transitory machine-readable mediumof claim 11, wherein the instructions further cause the computing deviceto: allow access by a user to the data set on the first cloud computingentity; and disallow access by the user to the data set on the secondcloud computing entity.
 15. The non-transitory machine-readable mediumof claim 11, wherein the different regions of the cloud computingplatform represent different geographic regions.
 16. The non-transitorymachine-readable medium of claim 11, wherein the instructions furthercause changes to the data set in one region of the cloud computingplatform to be replicated to other regions of the cloud computingplatform.
 17. The non-transitory machine-readable medium of claim 11,wherein the instructions further cause the computing device to copy thedata set using an approval workflow.
 18. The non-transitorymachine-readable medium of claim 11, wherein the instructions furthercause the computing device to periodically refresh the data set from thesecond cloud computing entity.
 19. The non-transitory machine-readablemedium of claim 11, wherein the instructions further cause a user queryto the second cloud computing entity to initiate a refresh of the dataset to the first cloud computing entity.
 20. A system comprising: afirst cloud computing entity; a second cloud computing entity; and adata exchange to: generate a consumer account for the first cloudcomputing entity; copy, to the first cloud computing entity using theconsumer account of the first cloud computing entity, a data setassociated with a provider account of a second cloud computing entity,wherein the first cloud computing entity and the second cloud computingentity represent different regions of a cloud computing platform,wherein the provider account of the second cloud computing entity doesnot have access to the first cloud computing entity; and access, by theconsumer account, the copy of the data set.
 21. The system of claim 20,wherein the data exchange grants access, to a user prohibited fromaccessing the data set on the second cloud computing entity, to the copyof the data set on the first cloud computing entity.